Digital security is the process of protecting your online identity, data, and other assets from intruders, such as hackers, scammers, and fraudsters. It is essential for trust in the digital age, as well as for innovation, competitiveness, and growth. This field covers the economic and social aspects of cybersecurity, as opposed to purely technical aspects and those related to criminal law enforcement or national and international security.
In this category, you will find articles related to digital security that have a direct or indirect connection with the activities of Freemindtronic Andorra or that may interest the readers of the article published in this category. You will learn about the latest trends, challenges, and solutions in this field, as well as the best practices and recommendations from experts and organizations such as the OECD. You will also discover how to protect your personal data from being used and sold by companies without your consent.
Whether you are an individual, a business owner, or a policy maker, you will benefit from reading these articles and gaining more knowledge and awareness about this topic and its importance for your online safety and prosperity. Some of the topics that you will find in this category are:
How to prevent and respond to cyberattacks
How to use encryption and cryptography to secure your data
How to manage risks and vulnerabilities
How to comply with laws and regulations
How to foster a culture of security in your organization
How to educate yourself and others about this topic
We hope that you will enjoy reading these articles and that they will inspire you to take action to improve your security. If you have any questions or feedback, please feel free to contact us.
PrintListener: The Sound of your Fingers can Reveal your Fingerprints
PrintListener emerges as a groundbreaking technology challenging the reliability of fingerprint security. By capturing the unique sound of finger friction on touchscreens, it enables the reproduction of fingerprints. This innovative approach sets PrintListener apart, highlighting its potential to redefine biometric security measures. As we explore its implications, the need for heightened awareness and protective strategies becomes evident.
Stay informed in our posts dedicated to Digital Security to follow its evolution thanks to our regularly updated topics
Learn more through this Digital Security section on the new possibility of corrupting fingerprints written by Jacques Gascuel, creator of data security solutions. Stay informed and safe with our regular updates.
PrintListener: How this Technology can Betray your Fingerprints and How to Protect yourself
PrintListener revolutionizes the realm of Acoustic Analysis Attacks by honing in on the unique sound of finger friction on touchscreens. This novel approach allows for the replication of fingerprints, marking a significant advancement in the field. Unlike traditional techniques that broadly utilize sound to breach security, PrintListener’s methodical focus distinguishes it as a pioneering and distinct attack strategy. This specificity in exploiting fingerprint authentication systems through acoustic signals elevates PrintListener above conventional methods. As we delve deeper into PrintListener, understand the risks it poses to identity and data, and explore protective measures, this article serves as a crucial guide for safeguarding against such innovative threats.
What is PrintListener?
PrintListener is the result of a collaboration between researchers from Zhejiang University, the University of Illinois at Urbana-Champaign, and the University of Washington. They presented their technology at the ACM CCS 2022 conference, one of the most prestigious in the field of computer security. Their paper, titled “PrintListener: Fingerprinting Smartphones from Touchscreen Sound”, describes in detail the working and evaluation of PrintListener¹.
Fingerprint readers are increasingly common on smartphones, computers, or applications. They are supposed to offer a high level of security, by verifying the user’s identity from their unique fingerprint.
But PrintListener can fool these readers, by using the fingerprint copies it has generated. The researchers showed that their software could succeed in attacking up to 27.9% of partial fingerprints and 9.3% of full fingerprints in only five attempts, even at the highest security level¹.
Hackers could thus access your accounts, data, or services without your consent. They could capture the sound of your fingers from various sources, such as speakerphone calls, voice messages, or online games.
How to protect yourself against PrintListener?
PrintListener represents a serious threat to biometric security, which was until now considered infallible. To protect yourself against this vulnerability, you should adopt proactive security measures, such as:
Updating your antivirus, which could detect and block PrintListener or other malware.
Using headphones or earphones, to prevent the sound of your fingers from being captured by the microphone of your smartphone or computer.
Activating other authentication modes, such as PIN code or facial recognition, which are less prone to hacking.
Changing your passwords regularly, and using strong and different passwords for each account.
How to corrupt a fingerprint?
If PrintListener is not yet available to the public, there are other methods to corrupt a fingerprint. Some are simpler than others, but they all require a certain level of skill and equipment.
Making a mold. This involves reproducing the fingerprint of a person from an object they have touched, such as a glass, a door handle, or a keyboard. You then need to use a malleable material, such as clay, wax, or gelatin, to create a faithful imprint. This imprint can then be transferred to a rigid support, such as plastic or metal, to create a fake fingerprint.
Using a 3D printer. This involves scanning the fingerprint of a person from a photo, a video, or an optical sensor. You then need to use a 3D modeling software to create a digital model of the fingerprint. This model can then be printed in 3D with a conductive material, such as copper or silver, to create a fake fingerprint.
Modifying your own fingerprint. This involves changing the appearance of your fingerprint by using invasive or non-invasive techniques. The invasive techniques consist of injuring, burning, or cutting your finger to modify the lines and ridges of the fingerprint. The non-invasive techniques consist of sticking, painting, or tattooing your finger to mimic the fingerprint of another person.
These methods are more or less effective depending on the type of fingerprint reader used. Some readers are more sensitive than others to the temperature, pressure, conductivity, or depth of the fingerprint. You therefore need to adapt your method according to the reader to attack.
Statistics on fingerprint security
Fingerprint security is widely used in various domains, such as banking, healthcare, law enforcement, or travel. However, it is not flawless, and it can be compromised by different methods, such as PrintListener or others. Here are some statistics on fingerprint security that you should know:
The global biometric authentication and identification market size was estimated at 17.28 billion U.S. dollars in 2019 and is expected to reach 59.31 billion U.S. dollars by 2027.
It is estimated that hackers carry out attacks on computers and networks at an interval of 39 seconds. A new research showed that their unsecured computer was attacked 100k times per day, which is a huge increase on previous findings.
These statistics show that fingerprint security is a popular and growing market, but also a vulnerable and risky one. Therefore, it is important to be aware of the potential threats and to take preventive measures to protect your identity and data.
Summary and further reading
In this article, we have explained what PrintListener is, how it works, how it can attack fingerprint readers, and how to protect yourself against it. We have also provided some statistics on fingerprint security that illustrate the importance and the challenges of this technology.
PrintListener is not the only method to corrupt fingerprint authentication. There are other methods, such as making a mold, using a 3D printer, or modifying your own fingerprint. These methods are more or less effective depending on the type of fingerprint reader used.
Enhancing Security with EviPass NFC HSM and EviCypher NFC HSM Technologies
Secure Physical Secret Outsourcing
In the wake of vulnerabilities exposed by PrintListener, adopting EviPass NFC HSM and EviCypher NFC HSM technologies becomes crucial. These solutions physically externalize sensitive information like passwords, encryption keys, OTP keys, and enable AES-256 encryption of data and messaging via NFC HSM devices. Even if a device’s fingerprint security is compromised, externally stored secrets remain inviolable, safeguarding encrypted data and messages.
Summary and Conclusion
PrintListener has shed light on significant flaws within fingerprint authentication systems, underscoring the urgent need for enhanced security measures. The integration of EviPass NFC HSM and EviCypher NFC HSM technologies offers a robust solution, physically externalizing and encrypting sensitive information beyond the reach of acoustic fingerprint hacking. This approach not only fortifies biometric security but also ensures the integrity of encrypted data and communications, providing a comprehensive shield against emerging threats.
Elevating BitLocker Security: A Comprehensive Guide
BitLocker Security stands as the first line of defense in safeguarding Windows data. This comprehensive guide delves into enhancing encryption measures, tackling vulnerabilities, and integrating advanced solutions for unparalleled protection. Discover how technologies like PassCypher and DataShielder, in synergy with BitLocker, revolutionize data security.
Dive into our analysis to gain crucial information about BitLocker security. Stay informed and protected against evolving cyber threats with our regularly updated topics.
Secure your data with our BitLocker security insights from Jacques Gascuel, a data security visionary. Stay informed and protected with our regular updates.
Elevating Data Protection on Windows with BitLocker Security
Are you utilizing a Windows computer for personal or professional data storage and processing? Aiming to shield your information from theft, loss, or exposure risks during device disposal? Seeking a straightforward, effective security solution without additional software installations? BitLocker, integrated within Windows, provides a formidable solution.
BitLocker: A Cornerstone of Windows Security
BitLocker emerges as a key security feature in Windows, enabling the encryption of entire volumes — be it partitions or hard drives. By deploying robust encryption algorithms like the Advanced Encryption Standard (AES), BitLocker converts your data into a format unreadable to unauthorized individuals lacking the encryption key.
This encryption key is securely generated and stored by the Trusted Platform Module (TPM), a specialized security chip embedded in the motherboards of select computers. The TPM’s role extends to generating and storing encryption keys, digital signatures, boot measurements, and even biometric identifiers. Crucially, TPM 2.0 is mandated for the installation and operation of Windows 11, Microsoft’s latest operating system.
Moreover, the TPM assures device integrity when offline — that is, when your computer is shut down or in sleep mode. It assesses the boot code executed at device startup against a reference value within the TPM. A match allows the TPM to unlock the encryption key, facilitating normal device startup. A mismatch, however, results in the TPM securing the key, thereby thwarting the device’s boot process.
Further enhancing security, BitLocker can condition the normal startup process on the provision of a personal code (PIN) or the insertion of a removable device containing a startup key. These added authentication measures fortify BitLocker security, necessitating multi-factor authentication. Without the correct PIN or startup key at each boot, BitLocker retains the encryption key, preventing data access.
In This Article, Discover:
BitLocker’s Mechanisms: Grasp how BitLocker operates to encrypt entire volumes securely.
BitLocker Security Benefits: Explore the myriad ways BitLocker fortifies data security.
Navigating BitLocker’s Vulnerabilities: Learn about potential risks to BitLocker and strategies for protection.
BitLocker Activation and Configuration: Detailed guidance on enabling and setting up BitLocker on Windows.
Enhancing BitLocker Security with EviPass NFC HSM, EviCypher NFC HSM, and EviKeyboard BLE: At the article’s conclusion, we’ll delve into how these innovative solutions bolster BitLocker security against various attacks.
BitLocker Security: Operational Insights
BitLocker secures data using potent algorithms and keys, intricately stored within the TPM, rendering them nearly impossible to extract or tamper with. This ensures that data remains inaccessible without the correct encryption key or authentication.
The TPM not only generates and secures encryption keys but also plays a critical role in verifying device integrity, especially during offline periods. This security measure is vital for maintaining device protection, particularly at startup. Moreover, BitLocker’s synergy with other Windows security features like Secure Boot and Windows Information Protection further elevates data safeguarding.
The Advantages of BitLocker for Protecting Data
With BitLocker, users enjoy extensive benefits for data security, such as:
Preventing Unauthorized Data Access: Through advanced encryption and TPM-stored keys, BitLocker shields data against both software attacks and physical disk tampering.
Securing Data on Disposed Devices: Ensuring data on discarded BitLocker-protected devices remains unreadable without proper encryption or authentication methods.
Protection Against Device Theft or Loss: By requiring a PIN or startup key, BitLocker offers multi-factor authentication, significantly reducing unauthorized access risks.
By integrating BitLocker into your data protection strategy, you enhance the security layer around sensitive information. This guide not only elucidates BitLocker’s significance and operational mechanics but also introduces “EviPass NFC HSM, EviCypher NFC HSM, and EviKeyboard BLE” as pivotal in advancing BitLocker security against diverse threats. Stay tuned for an in-depth exploration of these enhancements towards the article’s end.
BitLocker Security: Analyzing Attacks and Vulnerabilities in TPM and TPM 2.0
Introduction to BitLocker’s Encryption Technology
BitLocker is an integral encryption technology within Windows, designed to protect data on hard drives and removable media. Utilizing the Advanced Encryption Standard (AES), BitLocker secures data with a secret key. This key can be stored in a Trusted Platform Module (TPM), a security chip on the motherboard, or through alternative methods like passwords, PINs, USB keys, or certificates. While BitLocker significantly enhances protection against data theft, loss, and unauthorized system boot or code alterations, it is not without vulnerabilities. These include the necessity of recovery key backups, compatibility issues with certain hardware and software, and susceptibility to specific attack techniques. This article delves into the various attack possibilities and vulnerabilities associated with TPM and TPM 2.0, detailing their mechanisms, consequences, and countermeasures.
TPM 1.2: Security Functions and Vulnerabilities
Placement du diagramme : immédiatement après l’explication des attaques par démarrage à froid, incluez un diagramme de processus étape par étape. Ce diagramme doit décrire la séquence d’une attaque par démarrage à froid : (1) l’attaquant redémarre le périphérique, (2) accède à la RAM avant qu’elle ne s’efface et (3) extrait les clés de chiffrement BitLocker. Utilisez des icônes ou des illustrations pour un ordinateur, de la RAM et un symbole de clé pour représenter la clé de cryptage.
The Trusted Platform Module (TPM) 1.2 offers security functions like random number generation, secure cryptographic key creation, and digital signatures. While it bolsters BitLocker data security, TPM 1.2 is vulnerable to several attack types:
Cold Boot Attacks on TPM 1.2 or TMP 2.0
Cold boot attacks involve rebooting a TPM 1.2-enabled device to access and extract BitLocker encryption keys from RAM before it clears. Attackers can use alternative boot devices or physically transfer RAM to another device. Such attacks expose BitLocker-encrypted data due to TPM 1.2’s lack of effective RAM clearing mechanisms and data decryption prevention without authentication. Transitioning to TPM 2.0, which introduces “Memory Overwrite Request” (MOR) and “Lockout Mode,” provides enhanced protections.
DMA Attacks on TPM 1.2
This diagram explains the complex process of ThunderClap Attacks, which can bypass BitLocker Security measures on different operating systems.
DMA (Direct Memory Access) attacks use external devices to directly access the RAM of a TPM 1.2-enabled device, potentially reading or modifying BitLocker encryption keys. Such attacks compromise BitLocker security due to TPM 1.2’s inefficiencies in RAM protection and data integrity verification.
To defend against DMA attacks, it’s recommended to:
Disable or secure device DMA ports, such as FireWire or Thunderbolt.
Use a PIN or startup key to lock device booting, preventing access to BitLocker-encrypted data without proper credentials.
Encrypt data on external storage devices to prevent them from becoming attack vectors.
RAM Analysis Attacks on TPM 1.2
RAM analysis attacks use specialized software or hardware to scan a device’s RAM for sensitive information, including BitLocker keys. TPM 1.2’s inability to protect RAM or verify data integrity leaves BitLocker-encrypted data vulnerable. Upgrading to TPM 2.0, which employs Device Encryption to bind data encryption to device hardware, mitigates these risks by not exposing the encryption key to RAM.
TPM 2.0: Enhanced Security Features and Vulnerabilities
TPM 2.0 introduces advanced security functions, including improved random number generation, secure cryptographic key creation, and digital signatures. These enhancements strengthen BitLocker security but do not render TPM 2.0 impervious to attacks:
Cold Boot Attacks on TPM 2.0
A cold spray can be used to preserve the data in the RAM after shutting down or restarting the system, exposing the BitLocker encryption keys to an attacker
Similar to TPM 1.2, TPM 2.0 is susceptible to cold boot attacks, where sensitive information like BitLocker keys can be extracted from RAM following a device reboot. TPM 2.0’s lack of effective RAM clearing mechanisms and data decryption prevention without authentication leaves BitLocker-encrypted data vulnerable. Utilizing TPM 2.0’s Lockout Mode, which limits decryption attempts and imposes delays between attempts, along with employing a PIN or startup key for device booting, enhances security against cold boot attacks.
For additional information on defending against cold boot attacks on TPM 2.0, explore:
Fault injection attacks induce errors in TPM 2.0’s operation by altering physical conditions, such as voltage, temperature, or radiation, potentially causing information leaks or malfunctions. Common techniques include “glitching,” where electrical impulses disrupt TPM operations, revealing sensitive information or compromising data integrity. These vulnerabilities, tracked as CVE-2023-1017 and CVE-2023-1018, highlight the importance of updating TPM firmware and employing fault-resistant TPMs or physical isolation measures to protect against such attacks.
To further understand fault injection attacks on TPM 2.0, consider:
“Fault Injection Techniques and Tools for Embedded Systems Reliability Evaluation,” presenting fault injection principles, methods, and tools.
“Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures,” analyzing fault injection attacks on cryptographic devices and offering effective countermeasures.
A video on fault injection attacks on TPMs, demonstrating attack execution and prevention methods.
Phishing and Social Engineering Attacks on TPM 2.0
TPM 2.0 cannot safeguard against phishing or social engineering attacks that manipulate users into divulging sensitive information, such as passwords or encryption keys. These attacks use deceptive communication methods, posing as legitimate entities like Microsoft or technical support, to exploit user emotions, needs, or weaknesses. To defend against such attacks, never disclose personal information to unknown or suspicious entities, verify the credibility of sources before trusting them, and utilize TPM 2.0’s Lockout Mode to limit decryption attempts and impose delays between attempts. Additionally, educating users on phishing and social engineering techniques and reporting suspicious activities to authorities are crucial countermeasures.
For more insights into phishing and social engineering attacks on TPM 2.0, explore:
“Phishing and Social Engineering,” describing attack characteristics, consequences, and prevention tips.
“BitLocker Security FAQ,” answering common questions about BitLocker security and explaining TPM 2.0’s Lockout Mode defense against phishing and social engineering attacks.
To better understand how a Bus Pirate attack works, here’s a video made by security researcher Stacksmashing, who successfully extracted the BitLocker encryption key from a laptop using a Raspberry Pi Pico, a microcontroller that costs less than 10 euros. He then used Dislocker software to decrypt the hard drive with the obtained key.
Extracting the BitLocker key
The attacker opened the laptop case, located the TPM’s SPI port, and connected the Raspberry Pi Pico with wires. Using a Python script, he read and wrote to the TPM, and extracted the BitLocker encryption key. He then removed the hard drive from the laptop, connected it to another computer, and decrypted the data with the Dislocker software and the key. The Raspberry Pi Pico served as a tool to “sniff” BitLocker keys and to create a debugging and glitch attack tool.
The Pirate Bus
The Bus Pirate is a hardware hacking tool that communicates with various electronic bus protocols. It supports serial protocols such as 1-wire, 2-wire, 3-wire, UART, I2C, SPI and HD44780 LCD. It can access the TPM via the SPI port, which is a synchronous communication protocol that transfers data between a master and one or more slaves. The TPM is a slave that responds to the master’s commands.
Stacksmashing video
To understand how a Bus Pirate attack works, watch this video by security researcher Stacksmashing, who extracted the BitLocker encryption key from a laptop using a Raspberry Pi Pico, a cheap microcontroller. He then decrypted the hard drive with the Dislocker software and the key, showing how the attack can bypass BitLocker security.
TPM 2.0 vulnerabilities
The Bus Pirate attack exploits the SPI communication vulnerabilities of TPM 2.0, allowing attackers to intercept BitLocker encryption keys by “eavesdropping” on unencrypted communications. This method requires physical access to the target computer and specialized hardware, and can potentially enable arbitrary code execution and cryptographic information extraction.
Protective measures
To mitigate these risks, use TPM 2.0 models that resist fault injection attacks, improve the physical isolation of TPM 2.0, and protect the SPI port from unauthorized access or manipulation. This video demonstrates a Bus Pirate attack on TPM 2.0, where security researcher Stacksmashing extracted a BitLocker encryption key using a Raspberry Pi Pico. After the key extraction, Stacksmashing decrypted the hard drive with the Dislocker software and the key, revealing the attack’s ability to circumvent BitLocker security. To prevent such attacks, secure the TPM’s SPI port physically, update the TPM firmware regularly, and use tamper-evident seals to detect any unauthorized access. Moreover, implement SPI firewalls, update security patches, follow the principle of least privilege, enforce strong password policies, use multi-factor authentication, and consider physical security measures to avoid unauthorized access.
Brute Force Attacks on TPM and TPM 2.0
Brute force attacks attempt to guess passwords or encryption keys by systematically testing all possible combinations. Such attacks can compromise BitLocker security, as TPM and TPM 2.0 lack mechanisms to effectively limit or slow down authentication attempts. To counter brute force attacks, use long and complex passwords or keys, employ TPM 2.0’s Lockout Mode to restrict decryption attempts and impose delays between attempts, and educate users on recognizing and reporting suspicious brute force attack attempts.
By understanding and addressing the vulnerabilities associated with TPM and TPM 2.0, users can significantly enhance BitLocker’s encryption effectiveness. Implementing technological countermeasures, updating system firmware, and educating users on potential threats are crucial steps in fortifying BitLocker’s defenses against a range of attack methodologies.
Maximizing BitLocker Security: A Detailed Activation and Configuration Manual for Windows Users
Securing data on Windows devices is paramount in today’s digital age. BitLocker, Microsoft’s premier encryption service, stands at the forefront of safeguarding against unauthorized data access, loss, or theft. Elevate your device’s security by meticulously activating and configuring BitLocker with the following steps:
Ensure Your Device Meets BitLocker Requirements
Initial Step: Ascertain your Windows device’s compatibility with BitLocker. For Windows 11 users, a TPM 2.0 chip is indispensable. To verify the presence and version of TPM, utilize the built-in TPM management tool accessible via Windows Security settings.
Enable TPM for Enhanced Security
Subsequent Step: TPM activation is crucial. This security processor may not be enabled by default. Enter your device’s BIOS or UEFI settings upon startup (often by pressing F2, F12, Del, or Esc) and locate the TPM settings to enable it, laying the groundwork for BitLocker’s encryption capabilities.
Update TPM Firmware for Optimal Performance
Critical Step: Keeping your TPM firmware up to date is essential to mitigate potential security vulnerabilities and improve the TPM’s defensive capabilities. Refer to your device manufacturer’s guidance for the specific procedure to update your TPM firmware to the latest version.
Select an Authentication Method Tailored to Your Needs
Choice-Driven Step: BitLocker offers multiple authentication methods to unlock your encrypted drive, including PINs, passwords, startup keys (on a USB drive), or recovery keys. Weigh the convenience against security to select the most suitable option. Detailed configuration settings can be found in the BitLocker Drive Encryption control panel.
Decide on BitLocker’s Encryption Strategy
Decision Point: BitLocker provides two encryption modes – AES-CBC and XTS-AES. The former is traditional, while the latter, recommended for fixed drives, offers added protection against certain attack vectors. Evaluate your device’s specifications and performance needs to make an informed choice.
Choose the Encryption Algorithm That Suits You Best
Technical Selection: BitLocker allows choosing between AES-128 and AES-256 encryption algorithms. While AES-256 offers a higher security level, it may impact system performance. Consider your security requirements and device capabilities before making a selection.
Securely Backup Your BitLocker Recovery Key
Safety Measure: The BitLocker recovery key is a failsafe mechanism to access your encrypted data if you forget your primary authentication method. Microsoft offers several backup options, including saving to your Microsoft account, printing it, saving to a file, or even storing it with a cloud-based key management service like Azure Key Vault. This step is crucial; ensure your recovery key is stored in a secure, retrievable location.
Activate BitLocker and Start Encrypting
Finalization Step: With all preferences set and the recovery key securely backed up, you’re ready to activate BitLocker. Navigate to the BitLocker Drive Encryption control panel, select the drive you wish to encrypt, and follow the on-screen instructions to start the encryption process. This may take some time depending on the size of the drive and data.
Congratulations on fortifying your Windows device with BitLocker! You’ve taken significant steps towards securing your data. Should you encounter any queries or require further assistance, do not hesitate to consult Microsoft’s comprehensive BitLocker documentation or reach out for support.
Enhancing BitLocker Security with Freemindtronic’s Advanced Solutions
In the contemporary landscape of digital security, safeguarding sensitive information against sophisticated attacks is paramount. Freemindtronic’s innovative technologies, such as PassCypher and DataShielder, along with the integration of EviKeyboard BLE, offer a robust defense mechanism, particularly enhancing BitLocker’s encryption capabilities on Windows platforms.
To further detail the integration of PassCypher and DataShielder products in enhancing BitLocker security, let’s explore how each technology specifically addresses and mitigates the risks associated with different types of attacks, adding depth and clarity to their roles in safeguarding encrypted data.
Combatting Cold Boot Attacks with PassCypher and EviKeyboard BLE
Cold Boot attacks exploit the volatility of RAM to extract sensitive data, including BitLocker encryption keys. PassCypher, a pioneering product by Freemindtronic, revolutionizes password management by utilizing EviPass NFC HSM technology for contactless and password-free security solutions. When combined with EviKeyboard BLE, a USB Bluetooth virtual keyboard technology, it provides an advanced layer of protection against RAM-based attacks. This combination leverages the USB HID (Human Interface Device) protocol to securely input secret keys and PIN codes directly into BIOS or disk startup fields, enabling remote computer control via a smartphone.
USB HID Protocol and RAM Exposure
However, it’s crucial to understand that the USB HID protocol operates through RAM to transmit data between the USB port and the chipset, subsequently transferring it to the processor or TPM. This process implies that data sent by the virtual keyboard could potentially be exposed to RAM-targeting attacks, such as Cold Boot or Direct Memory Access (DMA) attacks. Protecting sensitive data, like passwords and encryption keys inputted or received by the virtual keyboard, necessitates additional precautions.
Limitations of RAM Attacks
Despite their potency, RAM attacks are not without limitations for the attacker:
Physical Access Requirement: The attacker needs physical access to the computer and USB port, posing challenges depending on the location and timing of the attempted breach.
Necessity of Specialized Equipment: Capturing and analyzing RAM data requires specific hardware and software, which can be expensive or inaccessible.
Data Volatility: Post-system shutdown or reboot, RAM data quickly degrades, diminishing the success rate of such attacks. Furthermore, attackers face the challenge of data encryption performed by EviCypher NFC HSM or HSM PGP. These encryption keys, utilized within the operational RAM, are automatically destroyed after encryption and decryption processes, significantly lowering the likelihood of key recovery to nearly zero.
This nuanced understanding underscores the effectiveness of PassCypher in conjunction with EviKeyboard BLE as a formidable countermeasure against Cold Boot attacks. By recognizing the operational dynamics of the USB HID protocol and RAM’s role, alongside the inherent limitations faced by attackers, it’s evident that these Freemindtronic technologies greatly enhance the security posture against sophisticated RAM exploits. The integration of contactless password management and virtual keyboard input mechanisms, especially in environments secured by BitLocker, marks a significant advancement in safeguarding sensitive information from potential Cold Boot and related RAM intrusion attempts.
Defending Against Fault Injection Attacks with DataShielder’s EviCypher Technology
Fault Injection attacks, which attempt to induce errors in the hardware to leak sensitive information, are particularly concerning for TPM 2.0 security. DataShielder, incorporating EviCypher technology, encrypts data on storage devices using the robust AES-256 standard. The encryption keys, randomly generated and stored outside the computer’s environment within secure HSM or NFC HSM, ensure that data remains encrypted and inaccessible, even if attackers bypass TPM security. This external and secure key storage mechanism is crucial for maintaining the integrity of encrypted data against sophisticated fault injection methodologies.
Preventing Phishing and Social Engineering Attacks
PassCypher’s integrated anti-phishing features deliver proactive defenses against social engineering tactics aimed at undermining BitLocker security. The system’s sandboxed URL verification (anti-typosquatting), password integrity checks, and automatable protection against BTIB attacks create an automatic barrier against phishing attempts. By externalizing the storage and management of credentials, PassCypher ensures that even if attackers deceive users, the physical separation of sensitive information keeps it beyond reach, effectively neutralizing phishing and social engineering efforts.
Securing Against The Bus Pirate Attack
The Bus Pirate attack targets the SPI communication channel, a vulnerability in TPM 2.0. DataShielder’s integration of EviCypher for AES-256 encryption on all types of storage media provides a solid defense. By generating encryption keys that are both randomly segmented and securely stored outside the device, DataShielder guarantees that data remains encrypted, irrespective of TPM’s state. This approach of physically externalizing and encrypting keys ensures the highest level of data protection, even in the event of a successful Bus Pirate attack.
Thwarting Brute Force Attacks Through PassCypher
Brute Force attacks attempt to crack encryption by systematically guessing passwords or PIN codes. PassCypher’s capability to generate highly complex passwords and PIN codes, exceeding 256 bits, sets a new standard in security. This complexity makes it virtually impossible for attackers to successfully guess BitLocker credentials, providing a robust defense against brute force methodologies.
As we wrap up our exploration of BitLocker security, it becomes evident that the landscape of digital protection is both vast and intricate. In this context, BitLocker emerges not just as a tool, but as a fortress, designed to shield our digital realms from ever-evolving threats. The collaboration with Freemindtronic technologies like PassCypher and DataShielder, complemented by the utility of EviKeyboard BLE, underscores a pivotal shift towards a more resilient digital defense strategy. This alliance not only elevates BitLocker’s capabilities but also sets a new standard in cybersecurity practices.
Revolutionizing Data Security: BitLocker Enhanced
Indeed, the journey through the nuances of BitLocker’s encryption and the exploration of TPM’s vulnerabilities has underscored the importance of a multifaceted security approach. This journey reveals that, in the face of advancing cyber threats, the integration of cutting-edge solutions like PassCypher and DataShielder with BitLocker security forms an impregnable barrier against unauthorized access and data breaches.
Moreover, addressing the spectrum of attacks—from the Cold Boot and DMA to the sophisticated realms of social engineering—BitLocker, enriched with Freemindtronic’s innovations, stands as a beacon of comprehensive protection. This blend not only secures the data on Windows devices but also fortifies the user’s confidence against potential cyber incursions.
Furthermore, the emphasis on preventing phishing and social engineering attacks highlights the critical need for awareness and the adoption of advanced security measures. Here, the role of PassCypher’s anti-phishing capabilities and the encrypted communication via EviKeyboard BLE becomes paramount, illustrating the necessity of a holistic security posture in safeguarding against the multifarious nature of cyber threats.
Conclusion on BitLocker Security
The synergy between BitLocker’s foundational encryption technology and the advanced protective measures offered by Freemindtronic’s PassCypher and DataShielder exemplifies a forward-thinking approach to cybersecurity. This strategic amalgamation not only ensures the integrity and confidentiality of sensitive data but also propels BitLocker security into a new era of digital safety.
Thus, as we move forward, let us embrace these technological advancements with an informed perspective. Let BitLocker, enhanced by Freemindtronic’s pioneering solutions, serve as the cornerstone of our digital security strategy. In doing so, we fortify our defenses, ready to face the complexities of the cyber landscape with unwavering resilience and assurance.
How to protect yourself from the attack against Microsoft Exchange?
The attack against Microsoft Exchange was a serious security breach in 2023. Thousands of organizations worldwide were hacked by cybercriminals who exploited vulnerabilities in Microsoft’s email servers. How did this happen? What were the consequences? How did Microsoft react? And most importantly, how can you protect your data and communications? Read our comprehensive analysis and discover Freemindtronic’s technology solutions.
Cyberattack against Microsoft: discover the potential dangers of stalkerware spyware, one of the attack vectors used by hackers. Stay informed by browsing our constantly updated topics.
Cyberattack against Microsoft: How to Protect Yourself from Stalkerware, a book by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides invaluable knowledge on how data encryption and decryption can prevent email compromise and other threats.
How the attack against Microsoft Exchange on December 13, 2023 exposed thousands of email accounts
On December 13, 2023, Microsoft was the target of a sophisticated attack by a hacker group called Lapsus$. This attack exploited another vulnerability in Microsoft Exchange, known as CVE-2023-23415, which allowed the attackers to execute remote code on the email servers using the ICMP protocol. The attackers were able to access the email accounts of more than 10,000 Microsoft employees, some of whom were working on sensitive projects such as the development of GTA VI or the launch of Windows 12. The attackers also published part of the stolen data on a website called DarkBeam, where they sold more than 750 million fraudulent Microsoft accounts. Microsoft reacted quickly by releasing a security patch on December 15, 2023, and collaborating with the authorities to arrest the perpetrators of the attack. One of the members of the Lapsus$ group, an Albanian hacker named Kurtaj, was arrested on December 20, 2023, thanks to the cooperation between the American and European intelligence services1234.
What were the objectives and consequences of the attack?
The attack against Microsoft Exchange affected more than 20,000 email servers worldwide, belonging to businesses, institutions and organizations from different sectors. These servers were vulnerable because they used outdated versions of the software, which no longer received security updates. The attack exploited a critical vulnerability known as ProxyLogon (CVE-2023-23415), allowing the attackers to execute remote code on the servers and access the email accounts. Despite the efforts to solve the problem, many vulnerable servers remained active, exposing the email accounts of about 30,000 high-level employees, including executives and engineers. The attackers were able to steal confidential information, such as internal projects, development plans, trade secrets or source codes.
What were the objectives of the attack?
The attack was attributed to Lapsus$, a hacker group linked to Russia. According to Microsoft, the group’s main objective was to gain access to sensitive information from various targets, such as government agencies, think tanks, NGOs, law firms, medical institutions, etc. The group also aimed to compromise the security and reputation of Microsoft, one of the leading technology companies in the world. The attack was part of a larger campaign that also involved the SolarWinds hack, which affected thousands of organizations in 2020.
What were the impacts of the attack?
The attack had serious impacts on the victims, both in terms of data loss and reputation damage. The data stolen by the attackers included personal and professional information, such as names, addresses, phone numbers, email addresses, passwords, bank details, credit card numbers, health records, etc. The attackers also leaked some of the data on the DarkBeam website, where they offered to sell the data to the highest bidder. This exposed the victims to potential identity theft, fraud, blackmail, extortion, or other cybercrimes. The attack also damaged the reputation of Microsoft and its customers, who were seen as vulnerable and unreliable by their partners, clients, and users. The attack also raised questions about the security and privacy of email communication, which is widely used in the digital world.
What were the consequences of the attack?
The attack had several consequences for Microsoft and its customers, who had to take urgent measures to mitigate the damage and prevent further attacks. Microsoft had to release a security patch for the vulnerability, and urge its customers to update their software as soon as possible. Microsoft also had to investigate the origin and extent of the attack, and cooperate with the authorities to identify and arrest the attackers. Microsoft also had to provide support and assistance to its customers, who had to deal with the aftermath of the attack. The customers had to check their email accounts for any signs of compromise, and change their passwords and security settings. They also had to notify their contacts, partners, and clients about the breach, and reassure them about the security of their data. They also had to monitor their online activities and accounts for any suspicious or fraudulent transactions. The attack also forced Microsoft and its customers to review and improve their security policies and practices, and adopt new solutions and technologies to protect their data and communication.
How did the attack succeed despite Microsoft’s defenses?
The attack was sophisticated and stealthy, using several techniques to bypass Microsoft’s defenses. First, the attackers exploited a zero-day vulnerability, which means that it was unknown to Microsoft and the public until it was discovered and reported. Second, the attackers used a proxy tool to disguise their origin and avoid detection. Third, the attackers used web shells to maintain persistent access to the servers and execute commands remotely. Fourth, the attackers used encryption and obfuscation to hide their malicious code and data. Fifth, the attackers targeted specific servers and accounts, rather than launching a massive attack that would have raised more suspicion.
What are the communication vulnerabilities exploited by the attack?
The attack exploited several communication vulnerabilities, such as:
Targeted phishing: The attackers sent fake emails to the victims, pretending to be from legitimate sources, such as Microsoft, their bank, or their employer. The emails contained malicious links or attachments, that led the victims to compromised websites or downloaded malware on their devices. The attackers then used the malware to access the email servers and accounts.
SolarWinds exploitation: The attackers also used the SolarWinds hack, which was a massive cyberattack that compromised the software company SolarWinds and its customers, including Microsoft. The attackers inserted a backdoor in the SolarWinds software, which allowed them to access the networks and systems of the customers who installed the software. The attackers then used the backdoor to access the email servers and accounts.
Brute force attack: The attackers also used a brute force attack, which is a trial-and-error method to guess the passwords or encryption keys of the email accounts. The attackers used automated tools to generate and test a large number of possible combinations, until they found the right one. The attackers then used the passwords or keys to access the email accounts.
SQL injection: The attackers also used a SQL injection, which is a technique to insert malicious SQL commands into a web application that interacts with a database. The attackers used the SQL commands to manipulate the database, and access or modify the data stored in it. The attackers then used the data to access the email accounts.
Why did the detection and defense systems of Microsoft Exchange not work?
The detection and defense systems of Microsoft Exchange did not work because the attackers used advanced techniques to evade them. For example, the attackers used a proxy tool to hide their IP address and location, and avoid being traced or blocked by firewalls or antivirus software. The attackers also used web shells to create a backdoor on the servers, and execute commands remotely, without being noticed by the system administrators or the security software. The attackers also used encryption and obfuscation to conceal their malicious code and data, and prevent them from being analyzed or detected by the security software. The attackers also used zero-day vulnerability, which was not known or patched by Microsoft, and therefore not protected by the security software.
How did Microsoft react to the attack?
Microsoft reacted to the attack by taking several actions, such as:
The main actions of Microsoft
Releasing a security patch: Microsoft released a security patch for the vulnerability exploited by the attack, and urged its customers to update their software as soon as possible. The patch fixed the vulnerability and prevented further attacks.
Investigating the attack: Microsoft investigated the origin and extent of the attack, and collected evidence and information about the attackers and their methods. Microsoft also cooperated with the authorities and other organizations to identify and arrest the attackers.
Providing support and assistance: Microsoft provided support and assistance to its customers, who were affected by the attack. Microsoft offered guidance and tools to help the customers check their email accounts for any signs of compromise, and change their passwords and security settings. Microsoft also offered free credit monitoring and identity theft protection services to the customers, who had their personal and financial data stolen by the attackers.
Microsoft also released patches for the vulnerabilities exploited by the attack
Microsoft also released patches for the other vulnerabilities exploited by the attack, such as the SolarWinds vulnerability, the brute force vulnerability, and the SQL injection vulnerability. Microsoft also improved its detection and defense systems, and added new features and functions to its software, to enhance the security and privacy of email communication.
What are the lessons to be learned from the attack?
The attack was a wake-up call for Microsoft and its customers, who had to learn from their mistakes and improve their security practices. Some of the lessons to be learned from the attack are:
Email security
Email is one of the most widely used communication tools in the digital world, but also one of the most vulnerable to cyberattacks. Therefore, it is essential to ensure the security and privacy of email communication, by applying some best practices, such as:
Using strong and unique passwords for each email account, and changing them regularly.
Using multi-factor authentication (MFA) to verify the identity of the email users, and prevent unauthorized access.
Using encryption to protect the content and attachments of the email messages, and prevent them from being read or modified by third parties.
Using digital signatures to verify the authenticity and integrity of the email messages, and prevent them from being spoofed or tampered with.
Using spam filters and antivirus software to block and remove malicious emails, and avoid clicking on suspicious links or attachments.
Using secure email providers and platforms, that comply with the latest security standards and regulations, and offer features such as end-to-end encryption, zero-knowledge encryption, or self-destructing messages.
Multi-factor authentication
Multi-factor authentication (MFA) is a security method that requires the user to provide two or more pieces of evidence to prove their identity, before accessing a system or a service. The pieces of evidence can be something the user knows (such as a password or a PIN), something the user has (such as a smartphone or a token), or something the user is (such as a fingerprint or a face scan). MFA can prevent unauthorized access to email accounts, even if the password is compromised, by adding an extra layer of security. Therefore, it is recommended to enable MFA for all email accounts, and use reliable and secure methods, such as biometric authentication, one-time passwords, or push notifications.
Principle of least privilege
The principle of least privilege (POLP) is a security concept that states that each user or system should have the minimum level of access or permissions required to perform their tasks, and nothing more. POLP can reduce the risk of data breaches, by limiting the exposure and impact of a potential attack. Therefore, it is advisable to apply POLP to email accounts, and assign different roles and privileges to different users, depending on their needs and responsibilities. For example, only authorized users should have access to sensitive or confidential information, and only administrators should have access to system settings or configuration.
Software update
Software update is a process that involves installing the latest versions or patches of the software, to fix bugs, improve performance, or add new features. Software update is crucial for email security, as it can prevent the exploitation of vulnerabilities that could allow attackers to access or compromise the email servers or accounts. Therefore, it is important to update the software regularly, and install the security patches as soon as they are available. It is also important to update the software of the devices that are used to access the email accounts, such as computers or smartphones, and use the latest versions of the browsers or the applications.
System monitoring
System monitoring is a process that involves observing and analyzing the activity and performance of the system, to detect and resolve any issues or anomalies. System monitoring is vital for email security, as it can help to identify and stop any potential attacks, before they cause any damage or disruption. Therefore, it is essential to monitor the email servers and accounts, and use tools and techniques, such as logs, alerts, reports, or audits, to collect and analyze the data. It is also essential to monitor the email traffic and behavior, and use tools and techniques, such as firewalls, intrusion detection systems, or anomaly detection systems, to filter and block any malicious or suspicious activity.
User awareness
User awareness is a state of knowledge and understanding of the users, regarding the security risks and threats that they may face, and the best practices and policies that they should follow, to protect themselves and the system. User awareness is key for email security, as it can prevent many human errors or mistakes, that could compromise the email accounts or expose the data. Therefore, it is important to educate and train the email users, and provide them with the necessary information and guidance, to help them recognize and avoid any phishing, malware, or social engineering attacks, that could target their email accounts.
What are the best practices to strengthen information security?
Information security is the practice of protecting the confidentiality, integrity, and availability of the information, from unauthorized or malicious access, use, modification, or destruction. Information security is essential for email communication, as it can ensure the protection and privacy of the data and messages that are exchanged. Some of the best practices to strengthen information security are:
Adopt the Zero Trust model: The Zero Trust model is a security approach that assumes that no user or system can be trusted by default, and that each request or transaction must be verified and authorized, before granting access or permission. The Zero Trust model can enhance information security, by reducing the attack surface and preventing the lateral movement of the attackers, within the system.
Use advanced protection solutions: Advanced protection solutions are security solutions that use artificial intelligence, machine learning, or other technologies, to detect and respond to the most sophisticated and complex cyberattacks, that could target the email accounts or data. Some of these solutions are endpoint detection and response (EDR), identity and access management (IAM), or data encryption solutions.
Hire cybersecurity experts: Cybersecurity experts are professionals who have the skills and knowledge to design, implement, and maintain the security of the system and the information, and to prevent, detect, and respond to any cyberattacks, that could affect the email accounts or data. Cybersecurity experts can help to strengthen information security, by providing advice, guidance, and support, to the email users and administrators.
How can Freemindtronic technology help to fight against this type of attack?
Freemindtronic offers innovative and effective technology solutions such as EviCypher NFC HSM and EviPass NFC HSM and EviOTP NFC HSM and other PGP HSMs. They can help businesses to fight against this type of attack based on Zero Day and other threats. Their technology is embedded in products such as DataShielder NFC HSM and DataShielder HSM PGP and DataShielder Defense or PassCypher NFC HSM or PassCypher HSM PGP. These products provide security and communication features for data, email and password management and offline OTP secret keys.
DataShielder NFC HSM is a portable device that allows to encrypt and decrypt data and communication on a computer or on an Android NFC smartphone. It uses a contactless hardware security module (HSM) that generates and stores encryption keys securely and segmented. It protects the keys that encrypt contactless communication. This has the effect of effectively fighting against all types of communication vulnerabilities, since the messages and attachments will remain encrypted even if they are corrupted. This function regardless of where the attack comes from, internal or external to the company. It is a counter-espionage solution. It also offers other features, such as password management, 2FA – OTP (TOTP and HOTP) secret keys. In addition, DataShielder works offline, without server and without database. It has a configurable multi-authentication system, strong authentication and secure key sharing.
DataShielder HSM PGP is an application that transforms all types of physical storage media (USB key, S, SSD, KeyChain / KeyStore) connected or not connected into HSM. It has the same features as its NFC HSM version. However, it also uses standard AES-256 and RSA 4096 algorithms, as well as OpenPGP algorithms. It uses its HSMs to manage and store PGP keys securely. In the same way, it protects email against phishing and other email threats. It also offers other features, such as digital signature, identity verification or secure key sharing.
DataShielder Defense is a dual-use platform for civilian and military use that offers many functions including all those previously mentioned. It also works in real time without server, without database from any type of HSM including NFC. It also has functions to add trust criteria to fight against identity theft. It protects data and communication against cyberattacks and data breaches.
In summary
To safeguard against the Microsoft Exchange attack, prioritize security updates and patches. Embrace Freemindtronic’s innovative solutions for enhanced protection. Stay vigilant against phishing and employ robust authentication methods. Opt for encryption to shield communications. Engage cybersecurity experts for advanced defense strategies. By adopting these measures, you can fortify your defenses against cyber threats and ensure your data’s safety.
Ivanti Patches Two Critical Zero-Day Vulnerabilities, One Under Active Attack
Ivanti, a leader in endpoint and network management solutions, has patched two critical zero-day vulnerabilities, one of which was actively exploited by cybercriminals. Learn more about these vulnerabilities and how to protect your organization.
This sentence is under a slider that shows similar topics on the zero day.
The Ivanti zero-day flaws, written by Jacques Gascuel, inventor of cybersecurity solutions, of cyber-safety of sensitive data and of counter-espionage, deal with the subject of the Ivanti Zero Day 2024 vulnerabilities.
What are Zero-Day Flaws and Why are They Dangerous?
A zero-day flaw is a previously unknown vulnerability in software that hackers can exploit before the vendor becomes aware and devises a patch. These vulnerabilities are particularly perilous because there is no existing defense against their exploitation. Cybercriminals can use zero-day flaws to launch sophisticated cyberattacks, leading to unauthorized data access, system damage, and widespread security breaches.
Ivanti’s Two Zero-Day Vulnerabilities: CVE-2024-21888 and CVE-2024-21893
Ivanti’s announcement highlights two specific vulnerabilities:
CVE-2024-21888: This is a critical privilege escalation vulnerability found in the web components of Ivanti Connect Secure and Policy Secure (versions 9.x, 22.x). It allows malicious users to gain administrator privileges, thereby obtaining the ability to alter system configurations, access restricted data, and potentially introduce further malicious code into the network infrastructure.
CVE-2024-21893: Identified as a server-side request forgery (SSRF) flaw within the SAML component of Ivanti Connect Secure, Policy Secure (versions 9.x, 22.x), and Ivanti Neurons for ZTA, this vulnerability enables attackers to bypass authentication mechanisms to access restricted resources. This flaw is particularly concerning due to its active exploitation, which suggests a targeted approach by cybercriminals to leverage this vulnerability for malicious purposes.
Ivanti has acknowledged the targeted exploitation of CVE-2024-21893 and expressed concerns over the potential for increased malicious activities following the public disclosure of these vulnerabilities.
How to Protect Your Organization from Ivanti’s Zero-Day Flaws
In response to the discovery of these vulnerabilities, Ivanti has taken swift action by releasing patches for the affected products, including specific versions of Connect Secure and ZTA. The company strongly advises a precautionary factory reset of devices before applying the patches to eliminate any lingering threats from the system. Additionally, Ivanti recommends importing a mitigation file named “mitigation.release.20240126.5.xml” as a temporary countermeasure against these vulnerabilities.
To safeguard against these vulnerabilities, organizations are urged to apply Ivanti’s patches immediately, conduct a factory reset of devices prior to patching, and adopt a proactive cybersecurity posture. This includes regular software updates, comprehensive user education on cybersecurity best practices, and the implementation of robust security measures such as firewalls, intrusion detection systems, and regular security audits.
The Impact of Ivanti’s Zero-Day Flaws on the Cybersecurity Landscape
Since the beginning of 2024, the cybersecurity community has witnessed the disclosure of six zero-day vulnerabilities within Ivanti’s product lineup, with half of them being actively exploited. A study conducted by Volexity found that more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. These attacks have affected organizations from all sectors, including government agencies, Fortune 500 companies and cloud service providers .
CISA Issues Emergency Directive for Federal Agencies
The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive. It requires all federal agencies to apply Ivanti’s patches and mitigations, and report any compromise to the CISA. This directive is important because it shows the urgency and the severity of the situation, and its implications for the national and international security.
Mandiant Identifies Bypass Technique and Webshell Deployment
Mandiant, a cybersecurity firm, has identified a technique that bypasses the mitigation file and allows the deployment of a custom webshell named BUSHWALK. This webshell works by injecting malicious code into the legitimate web pages of Ivanti devices, and allows the attackers to execute commands and access files on the compromised systems. Mandiant has provided a detailed description of how this webshell works, how to detect it, and how to remove it. Mandiant has also clarified that this technique is distinct from the mass exploitation that followed the disclosure of the vulnerabilities.
UNC5221: The Threat Group Behind the Targeted Exploitation
Mandiant has also attributed the exploitation of the Ivanti zero-day flaws to a threat group named UNC5221, suspected to be linked to China. This group has targeted organizations from various sectors, including government agencies, Fortune 500 companies and cloud service providers . Mandiant has also revealed the tools and the malware used by this group, such as BUSHWALK, BLOODHOUND, CHOPSTICK and SLIGHTPULSE. These tools and malware are designed to perform reconnaissance, lateral movement, credential theft and data exfiltration on the compromised networks.
The Number of Victims and the Potential Consequences
According to the latest reports from Volexity and Mandiant, more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. The sectors most affected by these intrusions include government, finance, healthcare, education, and technology. The potential consequences of these intrusions include unauthorized data access, system encryption by ransomware, installation of backdoors for persistent access, and execution of malicious code. Such incidents can lead to significant financial losses, reputational damage, operational disruptions, and legal implications for the affected organizations.
EviCypher and EviPass: Innovative Technologies to Protect Yourself from the Zero-Day Flaws
Facing the threat of the Ivanti zero-day flaws, there are innovative solutions to protect yourself effectively. These are the EviCypher and EviPass technologies, developed by Freemindtronic, a company specialized in pocket cybersecurity.
EviCypher is a NFC device that allows you to encrypt and decrypt messages securely and anonymously. You just need to slide your EviCypher card behind your smartphone for the message to be encrypted or decrypted. The system uses individual encryption keys, stored offline, in a non-volatile and physically secure memory. Thus, even if the message is intercepted by an attacker who exploits an Ivanti zero-day flaw, he will not be able to read it without the corresponding key.
EviPass is a mobile application that allows you to manage your passwords and credentials securely and conveniently. You just need to scan your EviPass card with your smartphone to access your online accounts. The application uses an OpenPGP encryption algorithm, based on public and private keys. The private keys are stored offline, in a non-volatile and physically secure memory. Thus, even if an attacker manages to access a compromised Ivanti device, he will not be able to steal the passwords and credentials without the EviPass card.
These two solutions offer a high level of security, based on the principle of “Air Gap”, which consists of creating a physical and digital barrier between the data and the attackers. They are also easy to use, without requiring any specific knowledge in cybersecurity. They are compatible with all digital communication systems, including those that use Ivanti products. They are protected by international patents, and manufactured in Andorra by Freemindtronic.
EviPass NFC NFC and EviPass HSM PGP: Freemindtronic’s Technologies for Password Management
EviPass NFC NFC and EviPass HSM PGP are two technologies developed by Freemindtronic for password management. EviPass NFC NFC is a technology that uses NFC cards to store and access passwords and credentials. EviPass HSM PGP is a technology that uses hardware security modules (HSM) to store and access passwords and credentials using the OpenPGP encryption algorithm. Both technologies are integrated into the EviPass mobile application, which allows users to manage their passwords and credentials securely and conveniently.
EviCypher NFC HSM and EviCypher HSM PGP: Freemindtronic’s Technologies for Message Encryption
EviCypher NFC HSM and EviCypher HSM PGP are two technologies developed by Freemindtronic for message encryption. EviCypher NFC HSM is a technology that uses NFC cards and hardware security modules (HSM) to encrypt and decrypt messages. EviCypher HSM PGP is a technology that uses hardware security modules (HSM) to encrypt and decrypt messages using the OpenPGP encryption algorithm. Both technologies are integrated into the EviCypher NFC device, which allows users to encrypt and decrypt messages securely and anonymously.
PassCypher and DataShielder: Freemindtronic’s Products that Incorporate EviCypher and EviPass Technologies
PassCypher and DataShielder are two products designed and manufactured by Freemindtronic that incorporate the EviCypher and EviPass technologies. PassCypher is a NFC device that connects to your smartphone or computer and allows you to access your online accounts using the EviPass technology. DataShielder is a NFC device that connects to your smartphone or computer and allows you to encrypt and decrypt messages using the EviCypher technology. With these products, you can benefit from the EviCypher and EviPass technology to protect your passwords, credentials and messages.
To learn more about these solutions, you can visit the Freemindtronic website or the Codeur blog, which present the features and benefits of EviCypher and EviPass.
Conclusion
In conclusion, the Ivanti zero-day flaws are dangerous vulnerabilities that can compromise the security and confidentiality of the users’ data. It is therefore important to protect yourself effectively against these flaws, by applying the patches provided by Ivanti, following the cybersecurity recommendations, and using innovative solutions like EviCypher and EviPass, developed by Freemindtronic. These solutions are integrated into innovative products, designed and manufactured in Andorra. Don’t wait any longer to protect yourself from the Ivanti zero-day flaws, and discover the EviCypher and EviPass solutions from Freemindtronic. What are your impressions on these products? Let us know in the comments below.
How to protect yourself from stalkerware: In today’s digital landscape, being mindful of stalkerware’s escalating threat is crucial. Take proactive measures to safeguard your privacy. Stalkerware, a malware type, lets unauthorized individuals stealthily monitor and control your smartphone.
To learn more about the potential dangers of stalkerware spyware.” Stay informed by browsing our constantly updated topics
How to Protect Yourself from Stalkerware written by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides priceless knowledge on the topic of data encryption and decryption. Are you prepared to enhance your comprehension of data protection?
What is Stalkerware and Why is it Dangerous?
Stalkerware, including known programs like FlexiSpy, mSpy, and Spyera, tracks your location and accesses calls, messages, and photos. These programs can secretly activate your camera or microphone. To counter these invasions, safeguard your digital privacy from stalkerware. Physical access or being tricked into clicking malicious links; often in phishing emails, leads to stalkerware installation.
Who Uses Stalkerware?
Furthermore, abusive partners, stalkers, employers, or governments often use stalkerware. They exploit tools like FlexiSpy or Spyera to gain unauthorized access to personal information, track whereabouts, or monitor online activities.
How to Detect and Remove Stalkerware from Your Phone
To detect stalkerware, check for unusual apps or files. Monitor your phone bill for spikes in data usage or unexpected charges. Be cautious about what you click on, and keep your phone and apps updated. Consider well-known antivirus or security apps like Malwarebytes; Kaspersky Internet Security for added protection.
Signs of Stalkerware Infection
To detect stalkerware, you can follow these steps:
Check for unusual apps or files: If you notice any unfamiliar apps or files on your phone, it could be a sign that stalkerware is installed. Be sure to check the permissions for any apps you don’t recognize and uninstall any that seem suspicious.
Monitor your phone bill: Unusual spikes in data usage or unexpected charges could signal stalkerware installation. Contact your phone carrier to investigate.
Be cautious about what you click on: Don’t click on links or open attachments from unknown senders, as these could be used to install stalkerware on your phone.
Keep your phone and apps updated: Make sure your phone’s operating system and apps are up to date with the latest security patches. These updates often include fixes for vulnerabilities that could be exploited by stalkerware or other malware.
Use a reputable antivirus or security app: Antivirus and security apps can help to detect and remove stalkerware, as well as protect you from other types of malware.
In case you suspect the presence of stalkerware on your phone, you may attempt to remove it using one of the aforementioned methods. However, if you are not comfortable doing this yourself, you can take your phone to a professional for help.
Steps to Remove Stalkerware
Backup your data first
Perform a factory reset on your device
Change all your passwords post-reset
Protecting Sensitive Data from Stalkerware
Fortifying Sensitive Data with Freemindtronic’s Solutions
In the battle against stalkerware, safeguarding your sensitive data is paramount. Freemindtronic, an innovative Andorran cybersecurity company, offers cutting-edge solutions that not only protect your privacy but also fortify your data against prying eyes. Leveraging contactless encryption through an NFC hardware security module (HSM) and other secure storage media, these solutions make your secrets virtually inaccessible to tracking software.
EviCypher NFC HSM This module secures encryption keys from an externalized source, ensuring the protection of data on NFC devices. Its robust security shields against stalkerware and other cyber threats.
EviCypher HSM OpenPGP: Versatile and adaptable, it creates an HSM across various storage types, supporting keychains, keystores, SD, and USB OTG keys. Compliant with encryption standards and the OpenPGP encryption standard, it safeguards a wide array of sensitive data, including emails, documents, and photos.
EviPass: A hardware password manager that securely stores your passwords within a tamper-proof device, making it exceedingly difficult, if not impossible, for tracking software to pilfer your passwords from an NFC HSM or HSM PGP.
EviOTP: This OTP token manager, housed within an NFC HSM or HSM PGP, generates one-time passwords (TOTP or HOTP) for two-factor authentication. This additional layer of physical security thwarts token exploitation, fortifying the protection of your online accounts.
Seamless Integration Across Product Lines
Freemindtronic solutions provide an additional layer of defense against spyware and seamlessly integrate into various products.
Integration of Password Manager Technology
For instance, EviPasse HSM HSP, an advanced password manager technology, integrates seamlessly into the PassCypher HSM PGP product. It ensures the security of identification and authentication secrets in computer systems.
Enhanced NFC Security
Similarly, EviPass NFC HSM technology seamlessly embeds into the PassCypher NFC HSM product, securing NFC Android phones via NFC HSM.
Strengthening Authentication Security
Moreover, PassCypher NFC HSM takes it a step further by incorporating EviOTP technology to bolster the security of 2FA double authentication tokens on phones and computers.
Data Encryption Without Contact
EviCypher NFC HSM technology plays a vital role as an encryption key manager in DataShielder NFC HSM products. It enables users to encrypt sensitive email, SMS, MMS, and RCS data without contact. This offers effective protection against spyware like Stalkerware. Users physically outsource secrets from their phones or computers, ensuring data security against cyber threats.
Cornerstone of Data Security
As for EviCypher HSM PGP technology, it serves as the cornerstone of the DataShielder HSM PGP product on computer systems. It is also compatible with DataShielder NFC HSM. This simultaneous security ensures sensitive information on both phones and computers.
Comprehensive Security Suite
Finally, for ultimate versatility and mobility, DataShielder Defense, designed for civil and military use, encompasses these technologies and many others. This comprehensive suite strengthens data protection against physical and software espionage, identity theft, corruption of sensitive data, illicit extraction of secrets, and other threats. Thanks to its interoperability and backward compatibility, it works on all existing computer and telephone systems, with or without NFC.
To prevent stalkerware from infecting your phone, you can follow these steps:
Be cautious about who has access to your phone: Don’t let people borrow your phone or have physical access to it if you don’t trust them.
Use strong passwords and security settings: Use a strong password, PIN, or biometric authentication to lock your phone and enable features like Find My Device or Find My iPhone in case your phone is lost or stolen.
Be careful what you click on: Be cautious of links or attachments that come from unknown or suspicious sources. Only download apps or files from trusted or official sources.
Keep your phone and apps updated: Make sure your phone’s operating system and apps are up to date with the latest security patches. These updates often include fixes for vulnerabilities that could be exploited by stalkerware or other malware.
Install a reputable antivirus or security app: Antivirus and security apps can help to protect your phone from stalkerware and other types of malware.
Consequently, following these steps helps protect against stalkerware.
Signs You May Have Stalkerware
If you suspect that you may have stalkerware installed on your device, look for these signs:
Sudden battery drain or overheating
Device turning on or off by itself or behaving strangely
Unusual spikes in data usage or unexpected charges on your phone bill
Unrecognized apps or files appearing on your device
Strange or unwanted messages, calls, or emails from unknown numbers or addresses
A sense that someone knows too much about your activities, location, or conversations
Detecting and Eliminating Stalkerware
Suspecting stalkerware’s presence calls for swift action to safeguard your privacy and security. Implement these steps:
Rely on Reputable Antivirus or Security Apps: Utilize antivirus or security apps like Malwarebytes, Kaspersky Internet Security, or Avast Mobile Security to detect and remove stalkerware.
Unmask Anomalous Apps or Files: If unfamiliar apps or files appear, suspect stalkerware’s presence. Scrutinize permissions for unrecognizable apps and uninstall those deemed suspicious.
Monitor Phone Bill for Unusual Activity: Detecting spikes in data usage or unexpected charges on your phone bill might indicate stalkerware. Investigate with your phone carrier.
Practice Caution with Clicks: Avoid clicking on links or opening attachments from unknown senders, as these might harbor stalkerware.
Stay Updated: Regularly update your device’s operating system and apps. Updates often include security patches that shield you from stalkerware.
Empower Yourself and Others: Educate yourself about stalkerware
Prevention is Crucial
To safeguard against stalkerware, focus on prevention. Here are some key tips:
Be cautious about who has access to your device: Don’t let people borrow your device or have physical access to it if you don’t trust them.
Use strong passwords and security settings: Use a strong password, PIN, or biometric authentication to lock your device and enable features like Find My Device or Find My iPhone in case your device is lost or stolen.
Be careful what you click on: Be cautious of links or attachments that come from unknown or suspicious sources. Only download apps or files from trusted or official sources.
Keep your device and apps updated: Make sure your device and all of your apps are up to date with the latest security patches and updates. This will help to protect against vulnerabilities that could be exploited by stalkerware or other malware.
Install a reputable antivirus or security app: Antivirus and security apps can help to detect and remove stalkerware, as well as protect you from other types of malware.
Resources for Stalkerware Victims
The Coalition Against Stalkerware:https://stopstalkerware.org/: The Coalition Against Stalkerware is an international organization that works to combat stalkerware. The coalition provides resources for victims of stalkerware, as well as advocates for stronger laws and regulations to protect people from stalkerware.
The National Network to End Domestic Violence:https://www.thehotline.org/: The National Network to End Domestic Violence is a US-based organization that provides resources for victims of domestic violence, including information on stalkerware. The organization also has a hotline that victims can call for support.
The Cyber Civil Rights Initiative:https://cybercivilrights.org/: The Cyber Civil Rights Initiative is a US-based organization that works to protect people from online abuse, including stalkerware. The organization provides resources for victims of online abuse, as well as advocates for stronger laws and regulations to protect people from online abuse.
Latest Research
In recent years, researchers have discovered several new methods for using stalkerware. For example, a new variant of stalkerware called Cerberus is capable of infecting devices over Bluetooth. Cerberus can then be used to track the victim’s location, record their calls and conversations, and even take photos and videos of them without their knowledge.
New Laws and Regulations
Subsequently, governments worldwide are enacting new laws. For example, the European Union has adopted a new directive that criminalizes the use of stalkerware in the EU. The United States has also taken steps to combat stalkerware, such as creating a new task force to investigate the use of stalkerware.
New Resources Available for Stalkerware Victims
In addition to the steps you can take to protect yourself from stalkerware, there are also a number of resources available to help victims of stalkerware. These resources offer support, advice, and legal assistance.
Stalkerware Survivors Share Stories of Trauma and Resilience
Sarah, a victim of stalking by her ex-boyfriend, shares her story:
I discovered the stalkerware only after noticing unusual patterns like battery drain and phone restarts. My ex-boyfriend was tracking my location, reading my messages, and even listening to my phone calls, causing me fear and distress. After reporting the stalkerware to the company’s IT department, they removed it and took action against my former partner.
John, a victim of workplace surveillance, reveals his experience:
My boss installed stalkerware to monitor my work hours, emails, and phone calls, making me feel controlled and distrustful. Discovering the stalkerware led me to report it to the company’s IT department, which removed it and disciplined my boss. While still employed, I’m now more cautious about who I trust.
Maria, a victim of government surveillance, describes her ordeal:
Similarly, the government tracked my activities using stalkerware.Seeking help from a human rights organization, I filed a complaint, received legal assistance, and had the stalkerware removed. Continuing my fight for justice, I’m now empowered to speak up.
How to Protect Yourself from Stalkerware: A Summary
Stalkerware is a serious threat to privacy and safety. By being aware of the risks and taking steps to protect yourself, you can help to prevent yourself from becoming a victim.
Here are some additional tips to help you stay safe from stalkerware:
Be aware of the latest stalkerware trends: Stalkerware developers are constantly finding new ways to infect devices. It’s important to stay up-to-date on the latest trends so that you can protect yourself.
Talk to your friends and family about stalkerware: The more people who are aware of the risks, the less likely it is that you will become a victim.
Support legislation to combat stalkerware: There are a number of laws and regulations being proposed to combat stalkerware. By supporting these laws, you can help make using stalkerware more difficult.
Follow these guidelines to effectively protect yourself from stalkerware and potential harm.
The Terrapin attack is a serious vulnerability in the SSH protocol that can be used to downgrade the security of your SSH connections. This can allow attackers to gain access to your sensitive data. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.
Terrapin attack: CVE-2023-48795 SSH security vulnerability articles for in-depth threat reviews and solutions. Stay informed by clicking on our scrolling topics.
Shield Your SSH Security from the Sneaky Terrapin Attack written by Jacques Gascuel, inventor of sensitive data safety and security systems. Are you safeguarding your SSH connections? Stay vigilant against the Terrapin attack, a stealthy vulnerability that can compromise your SSH security and expose your sensitive data.
Protect Yourself from the Terrapin Attack: Shield Your SSH Security with Proven Strategies
SSH is a widely used protocol for secure communication over the internet. It allows you to remotely access and control servers, transfer files, and encrypt data. However, SSH is not immune to attacks, and a recent vulnerability OpenSSH before 9.6 (CVE-2023-48795) has exposed a serious flaw in the protocol itself. This flaw, dubbed the Terrapin attack, can downgrade the security of SSH connections by truncating cryptographic information. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.
Why you should care about the Terrapin attack
The Terrapin attack is not just a theoretical threat. It is a real and dangerous attack that can compromise the security of your SSH connections and expose your sensitive data. The consequences of a successful Terrapin attack can be severe, such as:
Data breaches: The attacker can access your confidential information, such as passwords, keys, files, or commands, and use them for malicious purposes.
Financial losses: The attacker can cause damage to your systems, services, or assets, and demand ransom or extort money from you.
Reputation damage: The attacker can leak your data to the public or to your competitors, and harm your credibility or trustworthiness.
Therefore, it is important to be aware of the Terrapin attack and take the necessary measures to prevent it. In the following sections, we will show you how the Terrapin attack works, how to protect yourself from it, and how to use PassCypher HSM PGP and EviKey NFC HSM to enhance the security of your SSH keys.
A prefix truncation attack on the SSH protocol
The Terrapin attack is a prefix truncation attack that targets the SSH protocol. It exploits a deficiency in the protocol specification, namely not resetting sequence numbers and not authenticating certain parts of the handshake transcript. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.
This manipulation allows the attacker to perform several malicious actions, such as:
Downgrade the connection’s security by forcing it to use less secure client authentication algorithms
Bypass the keystroke timing obfuscation feature in OpenSSH, which may allow the attacker to brute-force SSH passwords by inspecting the network packets
Exploit vulnerabilities in SSH implementations, such as AsyncSSH, which may allow the attacker to sign a victim’s client into another account without the victim noticing
To pull off a Terrapin attack, the attacker must already be able to intercept and modify the data sent from the client or server to the remote peer. This makes the attack more feasible to be performed on the local network.
Unveiling the SSH Handshake: Exposing the Terrapin Attack’s Weakness
The SSH Handshake Process
The SSH handshake is a crucial process that establishes a secure channel between a client and server. It consists of the following steps:
TCP connection establishment: The client initiates a TCP connection to the server.
Protocol version exchange: The client and server exchange their protocol versions and agree on a common one. Then, the algorithm negotiation takes place.
Algorithm negotiation: The client and server exchange lists of supported algorithms for key exchange, encryption, MAC, and compression. Then, they select the first matching algorithm.
Key exchange: The client and server use the agreed-upon key exchange algorithm to generate a shared secret key. They also exchange and verify each other’s public keys. Then, the service request is sent.
Service request: The client requests a service from the server, such as ssh-userauth or ssh-connection. Then, the client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive.
User authentication: The client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive. Then, the channel request is sent.
Channel request: The client requests a channel from the server, such as a shell, a command, or a subsystem. Thus, encrypted communication is enabled.
The Terrapin Attack
The Terrapin attack exploits a vulnerability in the SSH handshake by manipulating the sequence numbers and removing specific messages without compromising the secure channel integrity. This stealthy attack is difficult to detect because it doesn’t alter the overall structure or cryptographic integrity of the handshake.
For example, the attacker can eliminate the service request message sent by the client, which contains the list of supported client authentication methods. This forces the server to resort to the default method, typically password-based authentication. The attacker can then employ keystroke timing analysis to crack the password.
Alternatively, the attacker can target the algorithm negotiation message sent by the server, which lists the supported server authentication algorithms. By removing this message, the attacker forces the client to use the default algorithm, usually ssh-rsa. This opens the door for the attacker to forge a fake public key for the server and deceive the client into accepting it.
To illustrate the process of a Terrapin attack, we have created the following diagram:
Hackers exploit OAuth2 flaw to bypass 2FA on google accounts google account security flaw
As you can see, the diagram shows the steps from the interception of the communication by the attacker to the injection of malicious packets. It also highlights the stealthiness and the difficulty of detection of the attack.
Summery
The Terrapin attack is a serious threat to SSH security. By understanding how it works, you can take steps to protect yourself from it. Here are some tips:
Make sure your SSH server is up to date with the latest security patches.
Use strong passwords or public key authentication.
Enable SSH key fingerprint verification.
How to protect yourself from the Terrapin attack: Best practices and tools
The Terrapin attack is a serious threat to SSH security, and it affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, and more. Here are some steps you can take to protect yourself from it:
Update your SSH client and server to the latest versions. Many vendors have released patches that fix the vulnerability or introduce a strict key exchange option that prevents the attack. You can check if your SSH software is vulnerable by using the Terrapin vulnerability scanner.
Use strong passwords and public key authentication. Avoid using weak or default passwords that can be easily guessed by the attacker. Use public key authentication instead of password authentication, and make sure your public keys are verified and trusted.
Use secure encryption modes. Avoid using vulnerable encryption modes, such as ChaCha20-Poly1305 or AES-CBC with default MACs. Use encryption modes that use authenticated encryption with associated data (AEAD), such as AES-GCM or Chacha20-Poly1305@openssh.com.
Use a VPN or a firewall. If possible, use a VPN or a firewall to encrypt and protect your SSH traffic from being intercepted and modified by the attacker. This will also prevent the attacker from performing other types of attacks, such as DNS spoofing or TCP hijacking.
Implement a strict security policy on your local networks. Limit the access to your SSH servers to authorized users and devices, and monitor the network activity for any anomalies or intrusions.
How to use PassCypher HSM PGP and EviKey NFC HSM to protect your SSH keys: A secure and convenient solution
A good way to enhance the security of your SSH keys is to use PassCypher HSM PGP and EviKey NFC HSM. These are products from PassCypher), a company specialized in data security. They offer a secure and convenient solution for generating and storing your SSH keys.
PassCypher HSM PGP is a system that embeds a SSH key generator, allowing you to choose the type of algorithm – RSA (2048, 3072, 4096) or ECDSA (256,384, 521), and ED25519. The private key is generated and stored in a secure location, making it inaccessible to attackers.
EviKey NFC HSM is a contactless USB drive that integrates with PassCypher HSM PGP. It provides an additional layer of security and convenience for users who can easily unlock their private SSH key with their smartphone.
To show how PassCypher HSM PGP and EviKey NFC HSM can protect your SSH keys from the Terrapin attack, we have created the following diagram:
This image illustrates the Terrapin attack, a stealthy attack that exploits a vulnerability in the SSH handshake. The attacker can manipulate the sequence numbers and remove specific messages without compromising the secure channel integrity. This can lead to a variety of security risks, including password cracking and man-in-the-middle attacks.
As you can see, the diagram shows how this solution effectively protects your SSH keys from the Terrapin attack. It also shows the benefits of using a contactless USB drive, such as:
Enhanced security: The private key is physically externalized and protected with a contactless authentication mechanism.
Convenience: Easy unlocking with a smartphone.
Ease of use: No additional software required.
Industrial-grade security: Equivalent to SL4 according to the standard IEC 62443-3-3.
Safeguarding Your SSH Keys with a Contactless USB Drive: A Comprehensive Guide
This guide meticulously walks you through the process of:
Generating an SSH key pair leveraging PassCypher HSM PGP
Protecting the private SSH key within the EviKey NFC HSM USB drive
Unlocking the private SSH key employing your smartphone
Establishing a secure connection to an SSH server using the EviKey NFC HSM USB drive
Alongside step-by-step instructions, the guide also includes illustrative screenshots. By adhering to these guidelines, you’ll effectively safeguard and conveniently manage your SSH keys using a contactless USB drive.
Statistics on the Terrapin attack: Facts and figures
Statistics on the Terrapin attack: Facts and figures
The Terrapin attack is a serious cybersecurity threat that affects SSH connections. We have collected some statistics from various sources to show you the scale and impact of this attack. Here are some key facts and figures:
The Shadowserver Foundation reports that nearly 11 million SSH servers exposed on the internet are vulnerable to the Terrapin attack. This is about 52% of all IPv4 and IPv6 addresses scanned by their monitoring system.
The most affected countries are the United States (3.3 million), China (1.3 million), Germany (1 million), Russia (704,000), Singapore (392,000), Japan (383,000), and France (379,000).
The Terrapin attack affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, Dropbear, libssh, and more. You can see the complete list of known affected implementations here).
You can prevent the Terrapin attack by updating your SSH software to the latest version, using secure encryption modes, and enabling strict key exchange. You can also use the Terrapin vulnerability scanner, available on GitHub, to check your SSH client or server for vulnerability.
A team of researchers from the Horst Görtz Institute for IT Security at Ruhr University Bochum in Germany discovered and disclosed the Terrapin attack. They published a detailed paper and a website with the technical details and the implications of the attack. Conclusion: How to stay safe from the Terrapin attack
The Terrapin attack is a serious threat to SSH security. It lets hackers break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to do the following:
Update your SSH software to the latest version
Use two-factor authentication
Store your SSH keys securely
Use PassCypher HSM PGP and EviKey NFC HSM
Conclusion: How to stay safe from the Terrapin attack
The Terrapin attack is a serious threat to SSH security. It allows hackers to break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to update your SSH software, use two-factor authentication, store your SSH keys securely, and use PassCypher HSM PGP and EviKey NFC HSM. If you found this article useful, please feel free to share it with your contacts or leave us a comment.
Hackers exploit OAuth2 flaw to bypass 2FA on Google accounts
Hackers exploit the Google OAuth2 security flaw to bypass 2FA and access your online services with persistent cookies. They exploit an undocumented OAuth2 endpoint to generate these cookies. PassCypher protects you by verifying the URL of connection to Google, alerting you of password corruption, and blocking redirection iframes attacks.
Google OAuth2 security flaw articles for in-depth analyses of threats and solutions. Stay updated by clicking on our scrolling topics.
Google OAuth2 security flaw written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.
Google OAuth2 security flaw: Strategies Against Persistent Cookie Threats in Online Services
Google OAuth2 security flaw poses a serious threat that affects millions of users worldwide. However, hackers can exploit an undocumented OAuth2 endpoint to generate persistent cookies that allow them to access your online services, such as Gmail, Google Drive, YouTube, etc., without needing your password or 2FA code. Hackers can compromise your privacy, data, and identity using this flaw. How can you protect yourself from this attack? In this article, we will explain how this flaw works, how it has impacted many countries and organizations, and how you can use PassCypher, an innovative solution that verifies the URL of connection to Google, alerts you of password corruption, and blocks redirection iframes attacks.
Google OAuth2 Protocol: Ensuring Account Security and Comparing Different Methods
OAuth2 is an authorization protocol that facilitates user access to services like YouTube, Gmail, and Google Drive, allowing login with a Google account while avoiding password sharing. Specifically designed for ease and adaptability, this protocol comprehensively supports various applications, ranging from web and desktop platforms to mobile and living room devices. Consequently, when users engage with OAuth2, they authorize Google to share selective information, such as names and email addresses, with the connected service. Following this, Google issues an authentication token, effectively confirming the user’s identity to these services.
However, this protocol also has a security flaw, which was revealed by a hacker in October 2023. This flaw, known as the Google OAuth2 security flaw, allows hackers to create persistent cookies for Google accounts, which give them continuous access to Google services, even after the user resets their password. They exploit an undocumented Google Oauth endpoint named “MultiLogin”.
To protect themselves from this flaw, users can choose between different security methods, which require them to provide two pieces of evidence to log in to their account: their password and another factor. However, these methods have differences, advantages and disadvantages.
Google OAuth2 Multilogin Endpoint two-step verification (2SV)
This method uses the “MultiLogin” endpoint, which allows the user to log in to multiple Google services with a single authentication token. When the user logs in to their Google account, they receive a notification on their phone or computer, which they have to approve to validate their identity. This method is simple and fast, but it has a security risk. Indeed, it is vulnerable to the Google OAuth2 security flaw, which can compromise the user’s account.
One-time password two-factor authentication (2FA)
This method uses a one-time password based on time (TOTP) or on a counter (HOTP). This password is generated by an app or a physical device, which uses an algorithm and a secret shared with the Google account. When the user logs in to their Google account, they have to enter the one-time password displayed by the app or the device, in addition to their usual password. This method is more secure, because it does not depend on the Google Oauth endpoint. It resists phishing, replay or interception attacks. However, it requires access to the app or device, such as PassCypher NFC HSM1, that generates the one-time password. This can be inconvenient or impossible if you lose, damage or forget the app or device. Unless, of course, the app or device, like PassCypher, has an externalized OTP secret key backup system.
In conclusion, 2SV Google OAuth2 Multilogin Endpoint and 2FA one-time password are two security methods that offer different levels of protection. 2SV is simpler and faster, but it is vulnerable to the Google OAuth2 security flaw. 2FA is more secure, but it is more complex and dependent on an external factor. It is up to each user to choose the method that suits them best, depending on their needs and preferences.
Unveiling the Perils of PRISMA: A Deep Dive into Google OAuth2 Security Flaws
Google OAuth2 Security Flaw: A Critical Threat Exploiting Persistent Cookies
In October 2023, a critical Google OAuth2 security flaw was discovered in the Google OAuth2 protocol. This flaw, dubbed PRISMA, was a serious threat to the security of Google accounts. It allowed hackers to steal a wealth of sensitive data, including personal, financial, and professional information, as well as passwords and cookies.
Malware groups used the exploit widely. who integrated it into their infostealing tools. These tools were used to target millions of users worldwide, including government institutions, media organizations, NGOs, and businesses.
How the PRISMA Exploit Works: Exploiting an Undocumented Endpoint
Hackers took advantage of the PRISMA exploit, using an undocumented Google OAuth2 endpoint. This endpoint is typically used for legitimate purposes, such as providing limited access to Google accounts. However, the PRISMA exploit cleverly repurposed this endpoint to generate persistent cookies that remained valid even after a user changed their password or IP address.
To further understand how the PRISMA exploit worked, a security researcher from CloudSEK, Pavan Karthick M, analyzed it in depth in a report dated December 29, 2023. His findings revealed that the exploit worked by first obtaining the user’s Google account ID and refresh token. These credentials could be obtained through phishing attacks, malware infections, or other means.
Once the user’s credentials were obtained, the exploit used the undocumented endpoint to generate persistent cookies. Hackers then used these cookies to access the user’s Google account without needing 2FA.
The Impact of the PRISMA Exploit: Stealing Sensitive Data from Millions
The PRISMA exploit impacted a wide range of users. It was used to steal sensitive data from millions of users worldwide.
Government institutions, media organizations, NGOs, and businesses were all targeted by the exploit. Hackers stole sensitive data, such as personal information, financial records, and intellectual property, from these organizations.
The PRISMA exploit highlighted the ever-evolving nature of cyber threats. It showed that even the most secure protocols can be vulnerable to exploitation by determined hackers.
Securing Your Google Account from the PRISMA Exploit
The PRISMA exploit is a critical threat to Google account security. This exploit allows hackers to generate persistent Google cookies through token manipulation, enabling them to access Google services even after a user’s password is reset.
How to Protect Yourself from the PRISMA Exploit
Here are some key steps you can take to protect your Google account from the PRISMA exploit:
Enable two-factor authentication (2FA): 2FA is the most effective way to protect your Google account. It requires you to enter a code from your phone or other device, such as a hardware password manager, in addition to your password when you sign in.
Use a strong and unique password: Never reuse the same password for multiple accounts. If one account is compromised, all of your accounts are at risk. Choose a password that is long, complex, and difficult to guess. You can use a password generator or password manager to help you generate strong passwords.
Be cautious about clicking on links: Hackers often send phishing emails that contain links that will take you to malicious websites disguised as legitimate Google pages. Never click on links in emails or on websites unless you are sure they are from a trusted source.
Use a hardware password manager: PassCypher is an advanced hardware password manager that can help you protect your Google account from the PRISMA exploit. It is a versatile tool that can be used to manage your passwords on any storage device, including hard drives, SSDs, SD cards, USB drives, cloud storage, NAS devices, NFC devices, and mobile devices.
How the flaw works
Firstly, the flaw exploits an undocumented endpoint called the “multilogin” endpoint. Specifically, Google uses this endpoint to enable users to sign in to multiple Google accounts simultaneously. To exploit this flaw, attackers actively use the multilogin endpoint. They do this by generating persistent cookies for a victim’s Google account. Remarkably, the process involves using the victim’s email address and session ID.
Subsequently, the malware stores these cookies on the victim’s computer. Consequently, this action allows the attacker to access the victim’s Google account. Importantly, this access occurs without the need for the victim’s password. Moreover, this approach highlights a significant vulnerability in the account security process.
In essence, the attackers’ method of using the multiple sign-in endpoint is alarmingly effective. Notably, the generation and storage of cookies using the victim’s email and session ID underscore the flaw’s criticality. Ultimately, these actions enable attackers to bypass traditional security measures, accessing accounts undetected.
Below is the diagram which illustrates the technical method used to exploit the flaw.
The PRISMA exploit is a reminder that cyber threats are constantly evolving. By staying informed about the latest threats and taking proactive steps to protect your accounts, you can help to keep your data safe.
Analysis of the OAuth2 Flaw Affecting Google Account Security: A Statistical Outlook
The Growing Menace: Malware Exploiting Google Account Security Vulnerability
Significantly, Bitdefender’s study reveals a concerning trend. Between January and April 2023, they detected over 500,000 attempts to exploit the OAuth2 flaw, with a staggering 86% targeting Google Cloud accounts. Hackers have been using these accounts for resource-intensive activities, notably cryptocurrency mining, resulting in considerable costs for victims. This underscores the criticality of the Google account vulnerability, affecting millions worldwide.
The Extent of the Google Account Security Flaw Caused by OAuth2
The OAuth2 flaw exploited by malware has a wide impact. It affects not only individual users, but also major web platforms that use OAuth2 and OpenID for user authentication. Technology giants like Facebook, Google, LinkedIn, and Microsoft are notably impacted. Moreover, various infostealing tools have exploited this vulnerability to siphon off users’ personal, financial, and professional information. These tools include Lumma, Rhadamanthys, Stealc, Meduza, RisePro, and WhiteSnake, as well as Zloader, TrickBot, and Emotet.
Studying the Risks Posed by the Security Flaw
Furthermore, CloudSEK’s study emphasizes the widespread nature of this risk. Alarmingly, over 91% of European Cloud services, which frequently use OAuth2 for Google account connections, are at risk. Notably, a widely-used design application was found to be vulnerable to such attacks.
Disturbingly, Google’s data reveals that by 2024, only around 15% of Google account users had activated two-step verification. Consequently, this leaves a substantial 85% more exposed to the OAuth2 flaw and other security threats. Kaspersky’s survey indicates that 60% of users reuse passwords across multiple online accounts, exacerbating the risks of identity theft and account compromise. Moreover, RiskIQ’s analysis detected over 25,000 malicious applications on the Google Play Store in 2023, many of which contain infostealing tools exploiting the OAuth2 flaw.
Mitigating the Impact: Proactive Strategies Against OAuth2 Security Flaws in Google Accounts
In response to these risks, enabling two-step verification on Google accounts is crucial. Additionally, using reliable password managers is essential for enhanced security. It’s important to regularly monitor account activities, identifying and addressing suspicious behavior swiftly.
Exercising caution with untrusted links or attachments is vital. By taking this step, users can help avoid phishing attempts and other deceptive practices. Moreover, innovative solutions like PassCypher significantly enhance security. PassCypher verifies Google connection URLs and alerts users to password corruption. It effectively blocks iframe redirection attacks, adding an extra defense layer against sophisticated cyber threats.
By adopting these measures, users can significantly reduce vulnerability to the OAuth2 flaw. Staying vigilant and informed about security risks and solutions is key. This approach is essential for maintaining digital identities and assets’ integrity and safety in a connected world.
Recent Victims of Google’s OAuth2 Security Breach: A Global Overview
Malware has affected several countries and organizations, which have seen their Google accounts compromised and their data stolen. Among the victims, we can mention:
Greece, Moldova and Tunisia, which were targeted by a first hacking campaign in October 2023. Hackers used the exploit to access government institutions, media, NGOs, and businesses in these countries. Hackers stole sensitive information, such as official documents, diplomatic correspondence, financial data, etc.
Vietnam, which was targeted by a second hacking campaign in November 2023. The hackers used the exploit to access the Google accounts of ministries, press agencies, universities and businesses in this country, and stole strategic data, such as development plans, research reports, trade contracts, etc.
Pakistan, which was victim of a third hacking campaign in December 2023. The hackers used the exploit to access the Google accounts of authorities, media, NGOs and businesses in this country, and stole confidential data, such as military documents, secure communications, personal data, etc.
Several European countries, including France, Germany, Italy, Spain and the United Kingdom, which were targeted by a fourth hacking campaign in January 2024. The hackers used the exploit to access the Google accounts of European institutions, political parties, media, NGOs and businesses in these countries, and stole critical data, such as bills, investigation reports, electoral data, etc.
Voices of the targeted: Testimonies from Google’s OAuth2 Flaw Victims
The vulnerability severely damaged the victims, exposing their data, blocking their accounts, disrupting their services, and even ruining their finances. Here are some real testimonies of victims, collected by the website 20 Minutes and the website Aleteia:
Julien, 35, computer engineer, received an email that seemed to come from Google. It asked him to confirm his identity to access a service. He clicked on the link and entered his password. A few minutes later, he received another email from Google. It told him that his account had been hacked and that he had to change his password. But it was too late, he no longer had access to his account. The hackers used his account to send spam to his contacts, to access his photos, his documents, his bank accounts, etc. They even tried to blackmail him by threatening to publish his personal data on the Internet. He filed a complaint, but he did not get a response. He feels helpless and violated.
Léa, 28, school teacher, uses her Google account to log in to several online services, such as YouTube, Gmail, Google Drive, etc. Malware blocked her account, preventing her access to any of these services. She contacted Google support, who told her that her account had been compromised by malware and that she had to recover it by following a procedure. But Hackers changed her account’s security settings, causing the recovery procedure to fail. She lost all her files, her emails, her videos, etc. She had to create a new account and start over. It’s very frustrating and stressful for her.
Omar, 42, human rights activist, works for an NGO that defends human rights in the world. He uses his Google account to communicate with his colleagues, his partners, his sources, etc. One morning, he discovered that Hackers hacked his account and stole his data. Hackers sent defamatory messages, accessed confidential information, and compromised the security of his contacts using his account. They even tried to make him look like a spy. He was threatened, harassed, intimidated. He had to change his phone number, email address, pseudonym, etc. He fears for his life and for that of his loved ones.
How to protect yourself from the Google OAuth2 security flaw?
Google OAuth2 security flaw exposes users to this threat. It allows hackers to bypass 2FA and access online services with persistent cookies. They exploit an undocumented OAuth2 endpoint to generate these cookies. To protect yourself, use PassCypher. PassCypher is a hardware password manager that uses NFC technology to securely store and manage passwords. It can also detect and block phishing attacks and iframe redirection attacks. It is an innovative solution that verifies the URL of connection to Google, alerts you of password corruption, and blocks redirection iframes attacks.
Securing Your Google Account: Proactive Measures Against OAuth2 Exploits
Google tried to strengthen its fraud detection measures to counter the exploit, but the hackers adapted their method to bypass them. Therefore, there is no simple solution to protect yourself from the vulnerability. But you can adopt some good practices to secure your Google account:
Use a strong and unique password
Do not reuse the same password for multiple accounts. If one of them is compromised, the others will be too. Choose a long, complex and hard to guess password. You can use a password generator or a password manager to help you.
Enable two-step verification
It is an additional layer of security that asks for a code or a confirmation on your phone when you log in to your Google account. Thus, even if someone knows your password, they will not be able to access your account without your device. You can enable two-step verification in the settings of your Google account.
Check recent activities and connected devices
Google allows you to check the history of connections to your account, as well as the devices that have accessed it. If you notice any suspicious activity or unknown device, you can report it and remove it from your account. You can check recent activities and connected devices in the settings of your Google account.
Be careful of fraudulent emails and websites
Hackers may try to trick you by sending you emails or links that seem to come from Google, but are actually phishing attempts. Phishing is a technique that makes you believe that you need to provide your credentials or personal information to access a service or an offer. Do not click on dubious links or attachments, and always check the website address before entering your data. You can report fraudulent emails and websites to Google.
Log in regularly to your Google account
Starting from December 2023, Google will delete inactive accounts for more than two years. This measure aims to increase security and reduce the risks of compromise of abandoned accounts. To avoid losing your data, remember to log in to your Google account at least once every two years.
By following these tips, you can increase the security of your Google account and protect it from hackers. Do not forget to change your password regularly and keep your phone updated. For more information, visit Google’s security website.
PassCypher: A Leading-Edge Solution for Protecting Against Google OAuth2 Vulnerabilities
A leading-edge solution
The Google OAuth2 vulnerability is a critical security threat to Google accounts. Attackers can use this vulnerability to generate persistent cookies and access your Google account, even after you change your password or IP address.
PassCypher is a hardware password manager that can help protect your Google account from the Google OAuth2 vulnerability. PassCypher seamlessly integrates EviPass, EviOTP, EviCore NFC HSM, EviCore NFC HSM Browser Extension, and EviCore HSM OpenPGP technologies, as well as the NFC HSM devices from Freemindtronic. These technologies form the foundation of PassCypher’s comprehensive security features.
PassCypher uses post-quantum AES-256 robust encryption with segmented keys, which makes it impossible for attackers to decrypt your passwords, even with a quantum computer.
Advanced security features
In addition to its post-quantum encryption, PassCypher also offers a number of other advanced security features that can help protect your Google account.
Protection against iframe redirection: PassCypher blocks iframe redirection, preventing attackers from redirecting you to malicious websites without your knowledge.
Sandbox protection: PassCypher uses a sandbox protection mechanism to isolate each encrypted secret, preventing attackers from accessing or modifying your passwords or the original login URL.
Protection against SQL injection attacks: PassCypher does not store your passwords on a server or database. Instead, each password is encrypted individually and stored freely on one or more local or online or offline storage devices at the user’s choice, in lan and/or wan. This physically prevents attackers from accessing your encrypted passwords via SQL injection attacks.
Password corruption detection: PassCypher alerts you if it detects that a password has been corrupted, ensuring that your sensitive information remains secure.
State-of-the-art password generation: PassCypher uses a variety of algorithms to generate truly random and strong passwords greater than 256 bits, making them impossible to guess even to post-quantum attacks.
A versatile solution
PassCypher is a versatile tool that can be used to manage your passwords on any storage device, including:
Hard drives
SSDs
SD cards
USB drives
Cloud storage
NAS devices
NFC devices
Mobile devices
How to use PassCypher
To use PassCypher, you can install the free PassCypher HSM PGP extension for your Chromium or Firefox web browser. Once the extension is installed, you can easily access the following features:
To log in to your Google account using PassCypher, simply click on the PassCypher icon that appears in the Google login field. Once you click on the icon, PassCypher will automatically fill in your login credentials and submit them for you.
PassCypher HSM PGP is a free extension that provides basic password management features. PassCypher Engine, a paid add-on, adds additional features, such as automatic login in one second, password change in five seconds, fully automated secret usage management on multiple devices, and instant, fully automated encryption and decryption.
An effective solution
By using PassCypher, you can significantly improve the protection of your Google account against the Google OAuth2 vulnerability. PassCypher’s robust security features and ease of use make it a valuable tool for protecting your digital assets.
Conclusion: Safeguarding Against Google’s OAuth2 Security Flaws
We have seen how a clever hack allows cybercriminals to access Google accounts without passwords. We have also seen how this hack has affected many countries and organizations, and how he victims have testified about their distress. Finally, we have seen how to protect ourselves from this threat by adopting good security practices, and by using PassCypher, an innovative solution that verifies the URL of connection to Google, alerts in case of password corruption, and protects from redirection iframes attacks. The exploit reveals the complexity and stealthiness of modern cyber threats. The need for continuous monitoring of technical vulnerabilities and human intelligence sources to stay ahead of emerging threats.
Kismet iPhone and Pegasus written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.
Kismet iPhone and Pegasus: a deadly combo
Hackers can use Kismet iPhone to install Pegasus spyware on your iPhone. This spyware can access your data, activity, and conversations.
Kismet iPhone: How to protect your device from the most sophisticated spying attack using Pegasus spyware
Do you own an iPhone? Do you think it is safe and private? You might be wrong. Hackers have created a clever attack called Kismet iPhone that can infect your device with Pegasus, the world’s most powerful spyware, without you noticing. This spyware can steal your personal data, track your activity, and listen to your conversations. In this article, we will tell you how Kismet iPhone works, who is behind it, and how you can protect yourself from it.
What is Kismet iPhone?
Kismet iPhone is the name of the attack that hackers use to install Pegasus, the spyware, on iPhones. Kismet iPhone uses a technique called “watering hole”. It consists of infecting websites visited by the targeted users. These websites contain malicious code that detects if the user has an iPhone and which model. If so, the malicious code redirects the browser to a server that exploits zero-day flaws in iOS and Safari. These flaws allow to install Pegasus without the user noticing. Pegasus then runs in the background and communicates with a command and control server.
What is Pegasus?
Pegasus is the name of the spyware that Kismet iPhone installs on iPhones. Pegasus is one of the most powerful spyware in the world, developed by NSO Group, an Israeli company that sells spyware to governments and intelligence agencies. Pegasus can access almost everything on the infected iPhone, such as messages, photos, contacts, location, calls, passwords and even conversations near the microphone. Pegasus can also activate the camera and the microphone remotely, and record the screen. Pegasus can bypass encryption and security features of apps like WhatsApp, Signal, Telegram, and others.
Who is behind Kismet iPhone and Pegasus?
Kismet iPhone and Pegasus are the work of NSO Group, an Israeli company that sells spyware to governments and intelligence agencies. NSO Group claims that its products are only used for legitimate purposes, such as fighting terrorism and crime. However, investigations have revealed that NSO Group has also targeted journalists, activists, lawyers, politicians and dissidents, violating their privacy and rights. NSO Group has been accused of being involved in the murder of Jamal Khashoggi, a Saudi journalist, and the hacking of Jeff Bezos, the founder of Amazon.
Examples of victims of Kismet iPhone and Pegasus
According to a report by Citizen Lab, a research group at the University of Toronto, Kismet iPhone and Pegasus have been used to spy on at least nine Bahraini activists between June 2020 and February 2021. The activists were members of the Bahrain Center for Human Rights, the Bahrain Institute for Rights and Democracy, and the European Center for Constitutional and Human Rights. They received text messages containing malicious links that attempted to infect their iPhones with Pegasus.
Another report by Amnesty International and Forbidden Stories, a non-profit media organization, revealed that Kismet iPhone and Pegasus have been used to target more than 50,000 phone numbers of people from various countries and professions. Among them were journalists, human rights defenders, lawyers, politicians, business executives, religious leaders, and celebrities. Some of the prominent names on the list were French President Emmanuel Macron, Pakistani Prime Minister Imran Khan, Indian opposition leader Rahul Gandhi, Moroccan journalist Omar Radi, and Mexican journalist Cecilio Pineda Birto.
A third report by The Guardian, a British newspaper, exposed that Kismet iPhone and Pegasus have been used to spy on the civil rights movement in the United States. The report found that at least 15 people who were close to the Black Lives Matter activist DeRay Mckesson had their phones hacked with Pegasus in 2016. The report also found that Alaa Mahajna, a lawyer who represented the family of George Floyd, had his phone hacked with Pegasus in 2020.
These examples show that Kismet iPhone and Pegasus are not only used to spy on criminals and terrorists, but also on innocent people who exercise their rights to freedom of expression, association, and assembly.
How to protect yourself from Kismet iPhone and Pegasus?
To protect yourself from Kismet iPhone and Pegasus, you need to update your iPhone with the latest version of iOS. Apple fixed the zero-day flaws exploited by Kismet iPhone in September 2020, making the attack ineffective. You also need to avoid clicking on suspicious links or visiting unsecured websites, which could be infected by malicious code. You need to use a VPN (virtual private network) to encrypt your internet connection and prevent potential spies from seeing your online activity. You can check if your iPhone has been infected by Pegasus by using a tool developed by Amnesty International, called MVT (Mobile Verification Toolkit).
Sources and downloads
If you want to learn more about the zero-day flaws used by Kismet iPhone and Pegasus, and how Apple fixed them, you can check the following sources:
About iOS 15 updates – Apple Support: this site gives you the details of the iOS 15 updates, including the security patches provided by each version. You can also download the latest version of iOS 15 from this site, by going to “Settings” > “General” > “Software Update”.
If you want to check if your iPhone has been infected by Pegasus, you can download the following application:
MVT (Mobile Verification Toolkit)MVT (Mobile Verification Toolkit): this open source software allows you to analyze your iPhone and detect traces of Pegasus. It is available for Windows, Mac and Linux, and requires some technical knowledge to use it. You can follow the user guide on the official project site.
Conclusion
Kismet iPhone and Pegasus are two of the most sophisticated and dangerous cyberattacks that target iPhone users. They can compromise your device and your data, without you being aware of it. To protect yourself from these attacks, you need to keep your iPhone updated, be careful with what you click and visit online, and use a VPN. You can also use a tool to detect if your iPhone has been infected by Pegasus. If you want to know more about Pegasus, the most powerful spyware in the world, you can read our dedicated article here: Pegasus: the cost of spying with one of the most powerful spyware in the world
However, you should know that the zero-day risk is always present, and that the economic stakes are huge for the companies that exploit these flaws to spy on their competitors or their adversaries. That is why Freemindtronic has specialized in counter-espionage tecnologiescounter-espionage tecnologies, which allow you to protect your data and your privacy against malicious intrusions. If you are interested in these solutions, you can visit our Freemindtronic website and discover the different technologies of counter espionage.
5Ghoul Attacks on Mobile Devices written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.
5Ghoul: A Threat to 5G Security
5G has benefits, but also risks. 5Ghoul is a set of 5G NR flaws that affect Qualcomm and MediaTek modems, used by most 5G devices. 5Ghoul can disrupt or make unusable smartphones, routers and modems 5G. In this article, we will see what 5Ghoul is, how it compares to other 5G attacks, and how to protect yourself with contactless encryption, which uses NFC.
5Ghoul: How Contactless Encryption Can Secure Your 5G Communications from Modem Attacks
5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems. These flaws allow to launch denial-of-service attacks or degrade the quality of the 5G network.
What is 5Ghoul?
5Ghoul is a set of 14 5G NR (New Radio) vulnerabilities, the protocol that governs the communication between 5G devices and base stations (gNB). Among these vulnerabilities, 10 are public and 4 are still confidential. They were discovered by researchers from the Singapore University of Technology and DesignSingapore University of Technology and Design.
The 5Ghoul vulnerabilities exploit implementation errors in Qualcomm and MediaTek modems, which do not comply with the specifications of the 5G NR protocol. They allow an attacker to create a fake base station, which pretends to be a legitimate one, and send malicious messages to 5G devices that connect to it. These messages can cause errors, crashes or infinite loops in the modems, resulting in denial-of-service attacks or degradations of the quality of the 5G network.
Which devices are affected by 5Ghoul?
The researchers tested the 5Ghoul vulnerabilities on 714 models of 5G smartphones from 24 different brands, including Lenovo, Google, TCL, Microsoft, etc. They also tested routers and modems 5G from various manufacturers. They found that the 5Ghoul vulnerabilities affect all 5G devices equipped with Qualcomm and MediaTek modems, which account for more than 90% of the market.
What are the impacts of 5Ghoul?
The impacts of 5Ghoul depend on the vulnerability exploited and the type of device targeted. The researchers classified the 5Ghoul vulnerabilities into three categories, according to their severity:
Level 1 vulnerabilities
Level 1 vulnerabilities are the most severe. They allow to render 5G devices completely unusable, by locking them in a state where they can neither connect nor disconnect from the 5G network. These vulnerabilities require a manual reboot of the devices to be resolved. Among the level 1 vulnerabilities, there is for example the CVE-2023-33043, which causes a crash of the Qualcomm X55/X60 modem by sending an invalid MAC/RLC message.
Level 2 vulnerabilities
Level 2 vulnerabilities are less critical, but still harmful. They allow to degrade the quality of the 5G network, by reducing the throughput, latency or stability of the connection. These vulnerabilities can be resolved by reconnecting to the 5G network. Among the level 2 vulnerabilities, there is for example the CVE-2023-33044, which causes packet loss on the MediaTek T750 modem by sending an invalid RRC message.
Level 3 vulnerabilities
Level 3 vulnerabilities are the least dangerous. They allow to disrupt the normal functioning of 5G devices, by displaying error messages, modifying settings or triggering alerts. These vulnerabilities have no impact on the quality of the 5G network. Among the level 3 vulnerabilities, there is for example the CVE-2023-33045, which causes an error message on the Qualcomm X55/X60 modem by sending an invalid RRC message.
How to protect yourself from 5Ghoul?
The researchers informed the manufacturers of Qualcomm and MediaTek modems of the 5Ghoul vulnerabilities, as well as the 5G network operators and the 5G device manufacturers. They also published a demonstration kit of the 5Ghoul vulnerabilities on GitHub, to raise awareness among the public and the scientific community of the risks of 5G NR.
To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, as soon as they are available. They must also avoid connecting to unreliable or unknown 5G networks, which could be fake base stations. In case of doubt, they can disable 5G and use 4G or Wi-Fi.
How 5Ghoul compares to other 5G attacks?
5Ghoul is not the first security flaw that affects 5G. Other 5G attacks have been discovered in the past, exploiting weaknesses in the protocol or in the equipment. Here are some examples of 5G attacks and their differences with 5Ghoul:
ReVoLTE
ReVoLTE is an attack that allows to listen to voice calls 4G and 5G by exploiting a vulnerability in the encryption of data. This vulnerability is due to the fact that some base stations reuse the same encryption key for multiple communication sessions, which allows an attacker to decrypt the content of the calls by capturing the radio signals.
It is different from 5Ghoul because it does not target the 5G modem, but the encryption of data. ReVoLTE also requires that the attacker be close to the victim and have specialized equipment to intercept the radio signals. ReVoLTE does not cause denial of service or degradation of the network, but it compromises the confidentiality of communications.
ToRPEDO
ToRPEDO is an attack that allows to locate, track or harass mobile phone users 4G and 5G by exploiting a vulnerability in the paging protocol. This protocol is used to notify mobile devices of incoming calls or messages. By sending repeated messages to a phone number, an attacker can trigger paging messages on the network, and thus determine the position or identity of the target device.
It is different from 5Ghoul because it does not target the 5G modem, but the paging protocol. ToRPEDO also requires that the attacker knows the phone number of the victim and has access to the mobile network. ToRPEDO does not cause denial of service or degradation of the network, but it compromises the privacy of users.
IMP4GT
IMP4GT is an attack that allows to degrade the quality of the 5G network by exploiting a vulnerability in the security protocol. This protocol is used to authenticate and encrypt the communications between 5G devices and base stations. By modifying the messages exchanged between the two parties, an attacker can mislead the network and the device on the level of security required, and thus reduce the throughput or latency of the connection.
It is different from 5Ghoul because it does not target the 5G modem, but the security protocol. IMP4GT also requires that the attacker be close to the base station and have equipment capable of modifying the messages. IMP4GT does not cause denial of service or crash of the modem, but it degrades the quality of the network.
SS7
SS7 is a set of signaling protocols used by mobile operators to establish and manage calls and messages between different networks. SS7 has existed since the 1970s and has not evolved much since, making it vulnerable to hacking attacks. By exploiting the flaws of SS7, an attacker can intercept SMS and voice calls, locate and track users, bypass two-factor authentication, or subscribe subscribers to paid services without their consent.
It is different from 5Ghoul because it does not target the 5G modem, but the signaling protocol. SS7 affects all types of mobile networks, including 5G, because it still uses SS7 for some functions, such as mobility management or compatibility with 2G and 3G networks. SS7 requires that the attacker has access to the signaling network, which is not easy to obtain, but not impossible. SS7 does not cause denial of service or crash of the modem, but it compromises the confidentiality and integrity of communications.
How and why to encrypt SMS, MMS and RCS without contact?
Contactless encryption is a method of protecting mobile communications that uses NFC (Near Field Communication) technology to establish a secure connection between two devices. NFC is a wireless communication protocol that allows to exchange data by bringing two compatible devices within a few centimeters of each other.
Contactless encryption relies on the use of an external device called NFC HSM (Hardware Security Module), which is a hardware security module that stores and manages encryption keys. The NFC HSM comes in the form of a card, a keychain or a bracelet, that the user must bring close to his phone to activate the encryption. The NFC HSM communicates with the phone via NFC and transmits the encryption key needed to secure the messages.
The technologies EviCore NFC HSM and EviCypher NFC HSM are examples of contactless encryption solutions developed by the Andorran company Freemindtronic. EviCore NFC HSM is a hardware security module that allows to encrypt SMS, MMS and RCS (Rich Communication Services) end-to-end, meaning that only the recipients can read the messages. EviCypher NFC HSM is a hardware security module that allows to encrypt multimedia files (photos, videos, audio, etc.) and share them via SMS, MMS or RCS.
Contactless encryption has several advantages over conventional encryption of mobile communications:
It offers a higher level of security, because the encryption key is not stored on the phone, but on the NFC HSM, which is more difficult to hack or steal.
It is compatible with all types of mobile networks, including 5G, because it does not depend on the communication protocol used, but on NFC.
It is easy to use, because it is enough to bring the NFC HSM close to the phone to activate the encryption, without having to install a specific application or create an account.
It is transparent, because it does not change the appearance or functioning of the messages, which remain accessible from the native application of the phone.
Statistics on 5Ghoul
How widespread are 5Ghouls? What are the trends and impacts of these flaws? Some statistics on 5Ghoul, based on sources and data that are a priori reliable.
5Ghoul: a threat to 5G devices
5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems, which are used by most 5G devices on the market. According to the researchers who discovered 5Ghoul, these vulnerabilities can cause denial-of-service attacks or network degradations.
How many 5G devices are affected by 5Ghoul? According to a report by Counterpoint Research, Qualcomm and MediaTek accounted for 79% of the global smartphone chipset market in Q3 2020. Qualcomm had a 39% share, while MediaTek had a 40% share. Assuming that all Qualcomm and MediaTek chipsets are vulnerable to 5Ghoul, this means that nearly 8 out of 10 smartphones are potentially at risk.
How many 5G NR vulnerabilities are known? According to the CVE (Common Vulnerabilities and Exposures) database. There are 16 CVE entries related to 5G NR as of April 2021. Four of them are ZeroDay vulnerabilities that have not been publicly disclosed nor fixed by the manufacturers. These vulnerabilities are classified as level 1 or 2, meaning that they can cause denial-of-service attacks or network degradations.
How many 5G attacks have been reported? According to the SANS Internet Storm Center, there have been no reports of 5Ghoul attacks in the wild as of April 2021. However, this does not mean that 5Ghoul is not exploited by malicious actors. The researchers who discovered 5Ghoul have developed a proof-of-concept tool called 5Ghoul-Scanner, which can detect and exploit 5Ghoul vulnerabilities. They have also released a video demonstration of 5Ghoul attacks.
Conclusion
5Ghoul is a security flaw that affects 5G modems from Qualcomm and MediaTek, which are used by most 5G devices on the market. 5Ghoul allows an attacker to disrupt the functioning of smartphones, routers and modems 5G, or even make them unusable. 5Ghoul stands out from other 5G attacks known, such as ReVoLTE, ToRPEDO, IMP4GT or SS7, by the fact that it targets the 5G modem, that it does not require secret information or specialized equipment, and that it causes denial-of-service attacks or degradations of the network. To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, and avoid connecting to unreliable or unknown 5G networks.
Ledger security breaches written by Jacques Gascuel, inventor specializing in safety and security of sensitive data, for Freemindtronic. This article will be updated with any new information on the topic.
Ledger security incidents: How Hackers Exploited Them and How to Stay Safe
Ledger security breaches have exposed the personal data and private keys of many users. Ledger is a French company that provides secure devices to store and manage your funds. But since 2017, hackers have targeted Ledger’s e-commerce and marketing database, as well as its software and hardware products. In this article, you will discover the different breaches, how hackers exploited them, what their consequences were, and how you can protect yourself from these threats.
Ledger Security Breaches from 2017 to 2023: How to Protect Your Cryptocurrencies from Hackers
Have you ever wondered how safe your cryptocurrencies are? If you are using a Ledger device, you might think that you are protected from hackers and thieves. Ledger is a French company that specializes in cryptocurrency security. It offers devices that allow you to store and manage your funds securely. These devices are called hardware wallets, and they are designed to protect your private keys from hackers and thieves.
However, since 2017, Ledger has been victim of several security breaches, which have exposed the personal data and private keys of its users. These breaches could allow hackers to steal your cryptocurrencies or harm you in other ways. In this article, we will show you the different breaches that were discovered, how they were exploited, what their consequences were, and how you can protect yourself from these threats.
Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)
The attack consisted of using an oscilloscope to measure the voltage variations on the reset pin of the device. These variations reflected the operations performed by the secure processor of the Ledger Nano S, which generated the seed phrase. By analyzing these variations, the attacker could reconstruct the seed phrase and access the user’s funds.
Simplified diagram of the attack
Statistics on the breach
Number of potentially affected users: about 1 million
Total amount of potentially stolen funds: unknown
Date of discovery of the breach by Ledger: February 20, 2018
Author of the discovery of the breach: Saleem Rashid, a security researcher
Date of publication of the fix by Ledger: April 3, 2018
Scenarios of hacker attacks
Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to an oscilloscope and measure the voltage variations on the reset pin. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.
Scenario of remote access: The attacker needs to trick the user into installing a malicious software on their computer, which can communicate with the device and trigger the reset pin. The attacker then needs to capture the voltage variations remotely, either by using a wireless device or by compromising the oscilloscope. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.
Ledger Security Flaws: The Firmware Replacement Attack (March 2018)
The firmware is the software that controls the operation of the device. It must be digitally signed by Ledger to ensure its integrity. In March 2018, the same researcher discovered another breach in the Ledger Nano S, which allowed an attacker to replace the firmware of the device with a malicious firmware, capable of stealing the private keys or falsifying the transactions.
How did hackers exploit the Ledger Security Breaches?
The attack consisted of exploiting a vulnerability in the mechanism of verification of the firmware signature. The attacker could create a malicious firmware that passed the signature check, and that installed on the device. This malicious firmware could then send the user’s private keys to the attacker, or modify the transactions displayed on the device screen.
Simplified diagram of the attack
Statistics on the breach
Number of potentially affected users: about 1 million
Total amount of potentially stolen funds: unknown
Date of discovery of the breach by Ledger: March 20, 2018
Author of the discovery of the breach: Saleem Rashid, a security researcher
Date of publication of the fix by Ledger: April 3, 2018
Scenarios of hacker attacks
Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to a computer and install the malicious firmware on it. The attacker can then use the device to access the user’s funds or falsify their transactions.
Scenario of remote access: The attacker needs to trick the user into installing the malicious firmware on their device, either by sending a fake notification, a phishing email, or a malicious link. The attacker then needs to communicate with the device and send the user’s private keys or modify their transactions.
Sources
: [Breaking the Ledger Security Model – Saleem Rashid] published on March 20, 2018.
: [Ledger Nano S Firmware 1.4.1: What’s New? – Ledger Blog] published on March 6, 2018.
The printed circuit board is the hardware part of the device, which contains the electronic components. It must be protected against malicious modifications, which could compromise the security of the device. In November 2018, a security researcher named Dmitry Nedospasov discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to modify the printed circuit board and install a listening device, capable of capturing the private keys or modifying the transactions.
How did hackers exploit the breach?
The attack consisted of removing the case of the device, and soldering a microcontroller on the printed circuit board. This microcontroller could intercept the communications between the secure processor and the non-secure processor of the Ledger Nano S, and transmit them to the attacker via a wireless connection. The attacker could then access the user’s private keys, or modify the transactions displayed on the device screen.
Simplified diagram of the attack
Statistics on the breach
Number of potentially affected users: unknown
Total amount of potentially stolen funds: unknown
Date of discovery of the breach by Ledger: November 7, 2019
Author of the discovery of the breach: Dmitry Nedospasov, a security researcher
Date of publication of the fix by Ledger: December 17, 2020
Scenarios of hacker attacks
Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to remove the case of the device and solder the microcontroller on the printed circuit board. The attacker can then use the wireless connection to access the user’s funds or modify their transactions.
Scenario of remote access: The attacker needs to compromise the wireless connection between the device and the microcontroller, either by using a jammer, a repeater, or a hacker device. The attacker can then intercept the communications between the secure processor and the non-secure processor, and access the user’s funds or modify their transactions.
Sources
[Breaking the Ledger Nano X – Dmitry Nedospasov] published on November 7, 2019.
[How to Verify the Authenticity of Your Ledger Device – Ledger Blog] published on December 17, 2020.
Ledger Security Breaches: The Connect Kit Attack (December 2023)
The Connect Kit is a software that allows users to manage their cryptocurrencies from their computer or smartphone, by connecting to their Ledger device. It allows to check the balance, send and receive cryptocurrencies, and access services such as staking or swap.
The Connect Kit breach was discovered by the security teams of Ledger in December 2023. It was due to a vulnerability in a third-party component used by the Connect Kit. This component, called Electron, is a framework that allows to create desktop applications with web technologies. The version used by the Connect Kit was not up to date, and had a breach that allowed hackers to execute arbitrary code on the update server of the Connect Kit.
How did hackers exploit the Ledger Security Breaches?
The hackers took advantage of this breach to inject malicious code into the update server of the Connect Kit. This malicious code was intended to be downloaded and executed by the users who updated their Connect Kit software. The malicious code aimed to steal the sensitive information of the users, such as their private keys, passwords, email addresses, or phone numbers.
Simplified diagram of the attack
Statistics on the breach
Number of potentially affected users: about 10,000
Total amount of potentially stolen funds: unknown
Date of discovery of the breach by Ledger: December 14, 2023
Author of the discovery of the breach: Pierre Noizat, director of security at Ledger
Date of publication of the fix by Ledger: December 15, 2023
Scenarios of hacker attacks
Scenario of remote access: The hacker needs to trick the user into updating their Connect Kit software, either by sending a fake notification, a phishing email, or a malicious link. The hacker then needs to download and execute the malicious code on the user’s device, either by exploiting a vulnerability or by asking the user’s permission. The hacker can then access the user’s information or funds.
Scenario of keyboard: The hacker needs to install a keylogger on the user’s device, either by using the malicious code or by another means. The keylogger can record the keystrokes of the user, and send them to the hacker. The hacker can then use the user’s passwords, PIN codes, or seed phrases to access their funds.
Scenario of screen: The hacker needs to install a screen recorder on the user’s device, either by using the malicious code or by another means. The screen recorder can capture the screen of the user, and send it to the hacker. The hacker can then use the user’s QR codes, addresses, or transaction confirmations to steal or modify their funds.
Ledger Security Breaches: The Data Leak (December 2020)
The database is the system that stores the information of Ledger customers, such as their names, addresses, phone numbers and email addresses. It must be protected against unauthorized access, which could compromise the privacy of customers. In December 2020, Ledger revealed that a breach in its database had exposed the personal data of 292,000 customers, including 9,500 in France.
How did hackers exploit the breach?
The breach had been exploited by a hacker in June 2020, who had managed to access the database via a poorly configured API key. The hacker had then published the stolen data on an online forum, making them accessible to everyone. Ledger customers were then victims of phishing attempts, harassment, or threats from other hackers, who sought to obtain their private keys or funds.
Simplified diagram of the attack :
Statistics on the breach
Number of affected users: 292,000, including 9,500 in France
Total amount of potentially stolen funds: unknown
Date of discovery of the breach by Ledger: June 25, 2020
Author of the discovery of the breach: Ledger, after being notified by a researcher
Date of publication of the fix by Ledger: July 14, 2020
Scenarios of hacker attacks
Scenario of phishing: The hacker sends an email or a text message to the user, pretending to be Ledger or another trusted entity. The hacker asks the user to click on a link, enter their credentials, or update their device. The hacker then steals the user’s information or funds.
Scenario of harassment: The hacker calls or visits the user, using their personal data to intimidate them. The hacker threatens the user to reveal their identity, harm them, or steal their funds, unless they pay a ransom or give their private keys.
Scenario of threats: The hacker uses the user’s personal data to find their social media accounts, family members, or friends. The hacker then sends messages or posts to the user or their contacts, threatening to harm them or expose their cryptocurrency activities, unless they comply with their demands.
Sources:
– [Ledger Data Breach: A Cybersecurity Update – Ledger Blog] published on January 29, 2021.
Comparison with other crypto wallets
Ledger is not the only solution to secure your cryptocurrencies. There are other options, such as other hardware wallets, software wallets, or exchanges. Each option has its advantages and disadvantages, depending on your needs and preferences. For example, other hardware wallets, such as Trezor or Keepser, offer similar features and security levels as Ledger, but they may have different designs, interfaces, or prices. Software wallets, such as Exodus or Electrum, are more convenient and accessible, but they are less secure and more vulnerable to malware or hacking. Exchanges, such as Coinbase or Binance, are more user-friendly and offer more services, such as trading or staking, but they are more centralized and risky, as they can be hacked, shut down, or regulated. Another option is to use a cold wallet, such as SeedNFC HSM, which is a patented HSM that uses NFC technology to store and manage your cryptocurrencies offline, without any connection to the internet or a computer. It also allows you to create up to 100 cryptocurrency wallets and check the balances from this NFC HSM.
Technological, Regulatory, and Societal Projections
The future of cryptocurrency security is uncertain and challenging. Many factors can affect Ledger and its users, such as technological, regulatory, or societal changes.
Technological changes
It changes could bring new threats, such as quantum computing, which could break the encryption of Ledger devices, or new solutions, such as biometric authentication or segmented key authentication patented by Freemindtronic, which could improve the security of Ledger devices.
Regulatory changes
New rules or restrictions could affect Cold Wallet and Hardware Wallet manufacturers and users, such as Ledger. For example, KYC (Know Your Customer) or AML (Anti-Money Laundering) requirements could compromise the privacy and anonymity of Ledger users. They could also ban or limit the use of cryptocurrencies, which could reduce the demand and value of Ledger devices. On the other hand, other manufacturers who have anticipated these new legal constraints could have an advantage over Ledger. Here are some examples of regulatory changes that could affect Ledger and other crypto wallets:
MiCA, the proposed EU regulation on crypto-asset markets, aims to create a harmonized framework for crypto-assets and crypto-asset service providers in the EU. It also seeks to address the risks and challenges posed by crypto-assets, such as consumer protection, market integrity, financial stability and money laundering.
U.S. interagency report on stablecoins recommends that Congress consider new legislation to ensure that stablecoins and stablecoin arrangements are subject to a federal prudential framework. It also proposes additional features, such as limiting issuers to insured depository institutions, subjecting entities conducting stablecoin activities (e.g., digital wallets) to federal oversight, and limiting affiliations between issuers and commercial entities.
Revised guidance from the Financial Action Task Force (FATF) on virtual assets and virtual asset service providers (VASPs) clarifies the application of FATF standards to virtual assets and VASPs. It also introduces new obligations and recommendations for PSAVs, such as the implementation of the travel rule, licensing and registration of PSAVs, and supervision and enforcement of PSAVs.
These regulatory changes could have significant implications for Ledger and other crypto wallets. They could require them to comply with new rules and standards, to obtain new licenses or registrations, to implement new systems and processes, and to face new supervisory and enforcement actions.
Societal changes
Societal changes could influence the perception and adoption of Ledger and cryptocurrencies, such as increased awareness and education, which could increase the trust and popularity of Ledger devices, or increased competition and innovation, which could challenge the position and performance of Ledger devices. For example, the EviSeed NFC HSM technology allows the creation of up to 100 cryptocurrency wallets on 5 different blockchains chosen freely by the user.
Technological alternatives
Technological alternatives are already available, such as EviCore NFC HSM, EviCore HSM OpenPGP, EviCore NFC HSM Browser Extension and the NFC HSM devices that work without contact, developed and manufactured by Freemindtronic in Andorra. These are new cyber security and safety technologies that use HSMs with or without NFC. They offer a wide range of security features to manage your cryptocurrencies and other digital assets. These technologies also offer the hardware management of complex and complicated passwords by EviPass NFC HSM, OTP (2FA) keys by EviOTP NFC HSM, Seed Phrases by EviSeed NFC HSM, and the creation of multiple cryptocurrency wallets on the same device.
Conclusion
Ledger, the French leader in cryptocurrency security, has faced several security breaches since 2017. As a result of these breaches, hackers could steal the private keys and funds of Ledger users. In response to these threats, Ledger reacted by publishing security updates, informing its users, and strengthening its protection measures. However, Ledger users must be vigilant and follow the recommendations of Ledger to protect themselves from these attacks. Despite these challenges, Ledger remains a reliable and secure device to manage cryptocurrencies, as long as the best practices of digital hygiene are respected. If you want to learn more about Ledger and its products, you can visit their official website or read their blog. Additionally, you can also check their security reports and their help center for more information.
